[2012/02/20 14:52:03.617617, 1] smbd/service.c:1081(make_connection_snum) hestia (10.10.20.205) connect to service winguest initially as user winguest (uid=7000, gid=1001) (pid 27737) [2012/02/20 14:52:33.586458, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 [2012/02/20 14:52:42.036663, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2012/02/20 14:52:42.036881, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2012/02/20 14:52:42.036991, 3] smbd/process.c:1662(process_smb) Transaction 29 of length 80 (0 toread) [2012/02/20 14:52:42.037078, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.037128, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=22337 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2012/02/20 14:52:42.037756, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 45 00 41 00 52 00 54 00 48 00 5C .\.\.E.A .R.T.H.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . 
[2012/02/20 14:52:42.038041, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 27737) conn 0x0 [2012/02/20 14:52:42.038131, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.038223, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.038309, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.038454, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/02/20 14:52:42.038564, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2012/02/20 14:52:42.038701, 5] smbd/service.c:1321(make_connection) making a connection to 'normal' service ipc$ [2012/02/20 14:52:42.038804, 3] lib/access.c:338(allow_access) Allowed connection from 10.10.20.205 (10.10.20.205) [2012/02/20 14:52:42.038904, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user winguest [2012/02/20 14:52:42.039027, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user winguest [2012/02/20 14:52:42.039125, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is winguest [2012/02/20 14:52:42.039272, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [winguest]! 
[2012/02/20 14:52:42.039415, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/02/20 14:52:42.039509, 3] smbd/service.c:837(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2012/02/20 14:52:42.039633, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/02/20 14:52:42.039730, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2012/02/20 14:52:42.039822, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/02/20 14:52:42.039908, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2012/02/20 14:52:42.040007, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/02/20 14:52:42.040136, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2012/02/20 14:52:42.040404, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 596C0000FFFFFFFFB31B [2012/02/20 14:52:42.040511, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x96ad1e0 [2012/02/20 14:52:42.040657, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 596C0000FFFFFFFFB31B [2012/02/20 14:52:42.040893, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/02/20 14:52:42.041002, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user winguest [2012/02/20 14:52:42.041113, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user winguest [2012/02/20 14:52:42.041230, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/02/20 14:52:42.041349, 4] 
smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.041442, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:42.041874, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:42.042063, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:42.042184, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.042272, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.042357, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.042496, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/02/20 14:52:42.042600, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/02/20 14:52:42.042708, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of msec available on share IPC$, directory /tmp [2012/02/20 14:52:42.042801, 3] smbd/service.c:1081(make_connection_snum) hestia (10.10.20.205) connect to service IPC$ initially as user winguest (uid=7000, gid=1001) (pid 27737) [2012/02/20 14:52:42.042912, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2012/02/20 14:52:42.043407, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/02/20 14:52:42.043550, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x66 [2012/02/20 14:52:42.043638, 3] smbd/process.c:1662(process_smb) Transaction 30 of length 106 (0 toread) [2012/02/20 14:52:42.043726, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.043775, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22401 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/02/20 14:52:42.045126, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/02/20 14:52:42.045313, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.045410, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.045502, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:42.045928, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:42.046118, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:42.046215, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/02/20 14:52:42.046317, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/02/20 14:52:42.046428, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. 
[2012/02/20 14:52:42.046528, 5] smbd/files.c:126(file_new) allocated file structure 11488, fnum = 15584 (2 used) [2012/02/20 14:52:42.046624, 10] smbd/files.c:618(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/02/20 14:52:42.046750, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/02/20 14:52:42.046882, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/02/20 14:52:42.046982, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/02/20 14:52:42.047085, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/02/20 14:52:42.047179, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/02/20 14:52:42.047490, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/02/20 14:52:42.047602, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/02/20 14:52:42.047690, 3] smbd/process.c:1662(process_smb) Transaction 31 of length 76 (0 toread) [2012/02/20 14:52:42.047776, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.047826, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22465 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/02/20 14:52:42.048806, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 E0 3C ED 03 ....<.. 
[2012/02/20 14:52:42.048926, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.049059, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.049158, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/02/20 14:52:42.049293, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/02/20 14:52:42.049383, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.049433, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22465 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/02/20 14:52:42.050244, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/02/20 14:52:42.053079, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 180 [2012/02/20 14:52:42.053191, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb4 [2012/02/20 14:52:42.053279, 3] smbd/process.c:1662(process_smb) Transaction 32 of length 184 (0 toread) [2012/02/20 14:52:42.053365, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.053415, 5] lib/util.c:342(show_msg) size=180 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22529 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15584 (0x3CE0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 116 (0x74) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 116 (0x74) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=117 [2012/02/20 14:52:42.054365, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 74 00 00 00 02 00 00 ........ .t...... [0010] 00 B8 10 B8 10 00 00 00 00 02 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 2C 1C B7 6C 12 98 40 45 03 00 00 00 00 00 00 .,..l..@ E....... [0070] 00 01 00 00 00 ..... 
[2012/02/20 14:52:42.055085, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.055195, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.055304, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 3ce0 name: spoolss len: 116 [2012/02/20 14:52:42.055395, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 116 [2012/02/20 14:52:42.055485, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 116 [2012/02/20 14:52:42.055572, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 116 [2012/02/20 14:52:42.055662, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.055752, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.055838, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2012/02/20 14:52:42.055923, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 100 [2012/02/20 14:52:42.056032, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.056117, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2012/02/20 14:52:42.056233, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 100, incoming data = 100 [2012/02/20 14:52:42.056333, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/02/20 14:52:42.056470, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0074 (116) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x02 (2) ctx_list: ARRAY(2) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/02/20 14:52:42.058257, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/02/20 14:52:42.058359, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/02/20 14:52:42.058452, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/02/20 14:52:42.058538, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/02/20 14:52:42.058630, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/02/20 14:52:42.058753, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/02/20 14:52:42.060097, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 100 [2012/02/20 14:52:42.060266, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=116 [2012/02/20 14:52:42.060677, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/02/20 14:52:42.060792, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/02/20 14:52:42.060881, 3] smbd/process.c:1662(process_smb) Transaction 33 of length 63 (0 toread) [2012/02/20 14:52:42.060980, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.061030, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22593 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15584 (0x3CE0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/02/20 14:52:42.061926, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:42.061994, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.062086, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.062188, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/02/20 14:52:42.062282, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/02/20 14:52:42.062376, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2012/02/20 14:52:42.062499, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/02/20 14:52:42.062590, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/02/20 14:52:42.062929, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 274 [2012/02/20 14:52:42.063067, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x112 [2012/02/20 14:52:42.063155, 3] smbd/process.c:1662(process_smb) Transaction 34 of length 278 (0 toread) [2012/02/20 14:52:42.063265, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.063316, 5] lib/util.c:342(show_msg) size=274 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22657 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 190 (0xBE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 190 (0xBE) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 
38 (0x26) smb_vwv[15]=15584 (0x3CE0) smb_bcc=207 [2012/02/20 14:52:42.064387, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 BE 00 00 00 02 00 00 ........ ........ [0020] 00 A6 00 00 00 00 00 45 00 00 00 02 00 0C 00 00 .......E ........ [0030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 65 00 61 ........ .\.\.e.a [0040] 00 72 00 74 00 68 00 5C 00 70 00 6F 00 65 00 00 .r.t.h.\ .p.o.e.. [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 01 00 00 00 01 00 00 00 04 00 02 00 1C 00 00 ........ ........ [0070] 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 03 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 ........ ........ [0090] 00 07 00 00 00 48 00 45 00 53 00 54 00 49 00 41 .....H.E .S.T.I.A [00A0] 00 00 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 ........ ........ [00B0] 00 43 00 4F 00 2D 00 52 00 41 00 5C 00 77 00 69 .C.O.-.R .A.\.w.i [00C0] 00 6E 00 67 00 75 00 65 00 73 00 74 00 00 00 .n.g.u.e .s.t... 
[2012/02/20 14:52:42.065405, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.065496, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.065607, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=190 params=0 setup=2 [2012/02/20 14:52:42.065701, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:42.065785, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:42.065870, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:42.065969, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce0) [2012/02/20 14:52:42.066067, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x9617028 max_trans_reply: 1024 [2012/02/20 14:52:42.066155, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 190 [2012/02/20 14:52:42.066244, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 190 [2012/02/20 14:52:42.066331, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 190 [2012/02/20 14:52:42.066420, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 190, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.066509, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.066593, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 174 [2012/02/20 14:52:42.066683, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 174 [2012/02/20 14:52:42.066810, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.066894, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 174 [2012/02/20 
14:52:42.066987, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 174, incoming data = 174 [2012/02/20 14:52:42.067076, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:42.067173, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00be (190) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a6 (166) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=166 [0000] 00 00 02 00 0C 00 00 00 00 00 00 00 0C 00 00 00 ........ ........ [0010] 5C 00 5C 00 65 00 61 00 72 00 74 00 68 00 5C 00 \.\.e.a. r.t.h.\. [0020] 70 00 6F 00 65 00 00 00 00 00 00 00 00 00 00 00 p.o.e... ........ [0030] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0040] 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 00 ........ ........ [0050] B1 1D 00 00 03 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 07 00 00 00 00 00 00 00 07 00 00 00 48 00 45 00 ........ ....H.E. [0070] 53 00 54 00 49 00 41 00 00 00 00 00 0F 00 00 00 S.T.I.A. ........ [0080] 00 00 00 00 0F 00 00 00 43 00 4F 00 2D 00 52 00 ........ C.O.-.R. [0090] 41 00 5C 00 77 00 69 00 6E 00 67 00 75 00 65 00 A.\.w.i. n.g.u.e. [00A0] 73 00 74 00 00 00 s.t... [2012/02/20 14:52:42.069253, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:42.069347, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/02/20 14:52:42.069441, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:42.069566, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/02/20 14:52:42.069730, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x4473d0 [2012/02/20 14:52:42.069892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\earth\poe' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x0000001c (28) client : * client : 'HESTIA' user : * user : 'CO-RA\winguest' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_INTEL (0) checking name: \\earth\poe [2012/02/20 14:52:42.071190, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\earth\poe] [2012/02/20 14:52:42.071304, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.071507, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\earth\poe Printer is a printer [2012/02/20 14:52:42.071661, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\earth\poe (len=11) searching for [poe] [2012/02/20 14:52:42.071869, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/poe and timeout = Mon Feb 20 14:57:42 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: poe -> poe [2012/02/20 14:52:42.072158, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/02/20 14:52:42.072268, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.072464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.072653, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:poe [2012/02/20 14:52:42.072771, 3] lib/access.c:338(allow_access) Allowed connection from 10.10.20.205 (10.10.20.205) [2012/02/20 14:52:42.074487, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share poe is ok for unix user winguest [2012/02/20 14:52:42.074701, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.074814, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.074903, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.075076, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.075263, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.075829, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.075945, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.076046, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.076132, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.076219, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.076305, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.076615, 4] 
smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.076718, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:42.076823, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.076911, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.077013, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.077100, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.077311, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.077455, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.077557, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.077768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.078475, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.079602, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.079799, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.079894, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.079999, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.080085, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.080175, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.080260, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.080431, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.080567, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.080664, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.080757, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.080845, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.081006, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.081142, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.081304, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.081440, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.081532, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.081624, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.081720, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.081808, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.081897, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.081999, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.082141, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.082273, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.082364, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.082456, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.082550, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.082638, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.082730, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.082816, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.083048, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.083205, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.083302, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.083399, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.083489, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.083582, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.083669, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.083829, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.083922, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.084028, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.084124, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.084214, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.084336, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.084446, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.084611, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.084752, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:42.084843, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.084935, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.085044, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.085133, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.085226, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.085311, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.085457, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.085595, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.085693, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.085787, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.085990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.086433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.087292, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.087536, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.087631, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.087726, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.087819, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.087980, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.088076, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:42.088166, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.088257, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.088347, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.088437, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.088527, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.088617, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.088709, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.088799, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.088889, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.088989, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.089100, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.089199, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.089697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.090594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.090819, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.090912, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.091015, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.102162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.102490, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.102680, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.102891, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.103030, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.103136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.103508, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.103808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.104001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.104180, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.104266, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.104385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.104747, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2012/02/20 14:52:42.104837, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.104923, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.105021, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.105106, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.105192, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.105277, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.105365, 4] printing/nt_printing.c:1793(print_access_check) access check was SUCCESS [2012/02/20 14:52:42.105453, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.105551, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/02/20 14:52:42.105654, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 
14:52:42.105751, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.105840, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.105986, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.106106, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.106630, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.106726, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.106820, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.106906, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.107002, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.107087, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.107361, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.107463, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. 
refcount reset (1) [2012/02/20 14:52:42.107557, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.107645, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.107734, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.107819, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.108020, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.108169, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.108270, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.108529, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.108961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: 
KEY_WOW64_32KEY [2012/02/20 14:52:42.110345, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.110559, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.110658, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.110757, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.110844, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.110934, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.111031, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.111209, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.111347, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.111443, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.111537, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.111626, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.111715, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.111801, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.111954, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.112091, 
10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.112182, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 14:52:42.112275, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.112369, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.112458, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.112547, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.112633, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.112772, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.112903, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.113004, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.113097, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.113219, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.113309, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.113399, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.113485, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 
14:52:42.113655, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.113748, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 14:52:42.113839, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.113934, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.114033, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.114125, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.114210, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.114360, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.114451, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.114542, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.114637, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.114729, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.114820, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.114905, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.115146, 10] 
registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.115311, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.115403, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.115497, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.115594, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.115687, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.115780, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.115866, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.116025, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.116163, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.116292, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.116387, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.116576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.116969, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe already exists [2012/02/20 14:52:42.117102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.117405, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.117595, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.117782, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.117870, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.117965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.118335, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.118641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.118831, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.119052, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.119141, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.119261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.119678, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.120052, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:42.120153, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 174 [2012/02/20 14:52:42.120278, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/02/20 14:52:42.120371, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/02/20 14:52:42.120480, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 00 00 00 00 Yl...... 
[2012/02/20 14:52:42.121503, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1341 [2012/02/20 14:52:42.121596, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.121708, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/02/20 14:52:42.121801, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/02/20 14:52:42.121891, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.121948, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22657 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/02/20 14:52:42.122756, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0020] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... [0030] 00 . 
[2012/02/20 14:52:42.123180, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2012/02/20 14:52:42.123301, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2012/02/20 14:52:42.123422, 3] smbd/process.c:1662(process_smb) Transaction 35 of length 80 (0 toread) [2012/02/20 14:52:42.123508, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.123558, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=22722 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2012/02/20 14:52:42.124227, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 45 00 41 00 52 00 54 00 48 00 5C .\.\.E.A .R.T.H.\ [0010] 00 4D 00 49 00 52 00 4F 00 00 00 3F 3F 3F 3F 3F .M.I.R.O ...????? [0020] 00 . [2012/02/20 14:52:42.124486, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 27737) conn 0x0 [2012/02/20 14:52:42.124576, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.124666, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.124752, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.124901, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/02/20 14:52:42.125020, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] 
for share [MIRO] [2012/02/20 14:52:42.125132, 5] smbd/service.c:1321(make_connection) making a connection to 'normal' service miro [2012/02/20 14:52:42.125233, 3] lib/access.c:338(allow_access) Allowed connection from 10.10.20.205 (10.10.20.205) [2012/02/20 14:52:42.125324, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share miro is ok for unix user winguest [2012/02/20 14:52:42.125432, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user winguest [2012/02/20 14:52:42.125522, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is winguest [2012/02/20 14:52:42.125613, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [winguest]! [2012/02/20 14:52:42.125717, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service miro, connectpath = /var/spool/samba [2012/02/20 14:52:42.125810, 3] smbd/service.c:837(make_connection_snum) Connect path is '/var/spool/samba' for service [miro] [2012/02/20 14:52:42.125931, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/02/20 14:52:42.126039, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2012/02/20 14:52:42.126130, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/02/20 14:52:42.126216, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2012/02/20 14:52:42.126303, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/02/20 14:52:42.126432, 5] smbd/connection.c:134(claim_connection) claiming [miro] [2012/02/20 14:52:42.126649, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 596C0000FFFFFFFFB31B [2012/02/20 14:52:42.126753, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 
0x0x96ad180 [2012/02/20 14:52:42.126873, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 596C0000FFFFFFFFB31B [2012/02/20 14:52:42.127137, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service miro, connectpath = /var/spool/samba [2012/02/20 14:52:42.127235, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share miro is ok for unix user winguest [2012/02/20 14:52:42.127332, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID @Domain is not in a valid format [2012/02/20 14:52:42.127548, 5] auth/user_util.c:148(user_in_netgroup) Unable to get default yp domain, let's try without specifying it [2012/02/20 14:52:42.127663, 5] auth/user_util.c:152(user_in_netgroup) looking for user winguest of domain (ANY) in netgroup Domain [2012/02/20 14:52:42.130117, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: CO-RA\Domain => domain=[CO-RA], name=[Domain] [2012/02/20 14:52:42.130378, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2012/02/20 14:52:42.130530, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.130678, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.130815, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.130966, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.131101, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.131355, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=nwra,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Domain)(cn=Domain)))], scope => [2] [2012/02/20 14:52:42.134324, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was 
(&(objectClass=sambaGroupMapping)(|(displayName=Domain)(cn=Domain))) [2012/02/20 14:52:42.134643, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.134818, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix Group\Domain => domain=[Unix Group], name=[Domain] [2012/02/20 14:52:42.134971, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2012/02/20 14:52:42.143244, 5] smbd/share_access.c:120(token_contains_name) lookup_name Domain failed [2012/02/20 14:52:42.143606, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID Admins is not in a valid format [2012/02/20 14:52:42.143777, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: CO-RA\Admins => domain=[CO-RA], name=[Admins] [2012/02/20 14:52:42.143905, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/02/20 14:52:42.144051, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.144149, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.144236, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.144322, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.144408, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.144598, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=nwra,dc=com], filter => [(&(uid=Admins)(objectclass=sambaSamAccount))], scope => [2] [2012/02/20 14:52:42.146693, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [Admins] count=0 [2012/02/20 14:52:42.147045, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.147213, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx 
= 1 [2012/02/20 14:52:42.147362, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.147492, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.147622, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.147752, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.148010, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=nwra,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Admins)(cn=Admins)))], scope => [2] [2012/02/20 14:52:42.151569, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=Admins)(cn=Admins))) [2012/02/20 14:52:42.151905, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.152083, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\Admins => domain=[Unix User], name=[Admins] [2012/02/20 14:52:42.152220, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/02/20 14:52:42.152395, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Admins [2012/02/20 14:52:42.152541, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admins [2012/02/20 14:52:42.157548, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is Admins [2012/02/20 14:52:42.162316, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMINS [2012/02/20 14:52:42.167066, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admins [2012/02/20 14:52:42.167335, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [Admins]! 
[2012/02/20 14:52:42.167476, 5] smbd/share_access.c:104(token_contains_name) lookup_name Admins failed [2012/02/20 14:52:42.167610, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share miro is read-write for unix user winguest [2012/02/20 14:52:42.167811, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/02/20 14:52:42.168009, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/02/20 14:52:42.168223, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.168376, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:42.169102, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:42.169379, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:42.169494, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.169584, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.169670, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.169809, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/02/20 14:52:42.169932, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service miro, connectpath = /var/spool/samba [2012/02/20 14:52:42.170060, 1] 
smbd/service.c:1081(make_connection_snum) hestia (10.10.20.205) connect to service miro initially as user winguest (uid=7000, gid=1001) (pid 27737) [2012/02/20 14:52:42.170176, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=MIRO [2012/02/20 14:52:42.170354, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/02/20 14:52:42.170474, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/02/20 14:52:42.170563, 3] smbd/process.c:1662(process_smb) Transaction 36 of length 4244 (0 toread) [2012/02/20 14:52:42.170689, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.170740, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22785 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15584 (0x3CE0) smb_bcc=4173 [2012/02/20 14:52:42.171797, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 0D 00 00 .$...... ........ [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 02 00 00 .....BO. .Yl..... [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2012/02/20 14:52:42.174253, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.174351, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.174443, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:42.174876, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:42.175094, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:42.175209, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2 [2012/02/20 14:52:42.175303, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:42.175387, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:42.175473, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:42.175557, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce0) [2012/02/20 14:52:42.175645, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x9617028 max_trans_reply: 1024 [2012/02/20 14:52:42.175737, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2012/02/20 14:52:42.175827, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2012/02/20 14:52:42.175914, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2012/02/20 14:52:42.176011, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, 
receive_len = 0 [2012/02/20 14:52:42.176101, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.176186, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/02/20 14:52:42.176272, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2012/02/20 14:52:42.176362, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.176447, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/02/20 14:52:42.176532, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2012/02/20 14:52:42.176627, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:42.176730, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 Yl...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ 
[0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2012/02/20 14:52:42.204428, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:42.204543, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/02/20 14:52:42.204647, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:42.204795, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/02/20 14:52:42.204891, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x442b10 [2012/02/20 14:52:42.205015, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-424f-aac0596c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096
offered : 0x00001000 (4096) [2012/02/20 14:52:42.231083, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.231297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.231485, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:poe [2012/02/20 14:52:42.231589, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.231692, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.231784, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.231893, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.232058, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.232592, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.232690, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.232785, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.232870, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.232965, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.233051, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.233330, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.233432, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. 
refcount reset (1) [2012/02/20 14:52:42.233527, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.233615, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.233704, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.233791, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.233966, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.234147, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.234252, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.234484, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.234893, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: 
KEY_WOW64_32KEY [2012/02/20 14:52:42.236173, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.236381, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.236475, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.236573, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.236663, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.236753, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.236839, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.237018, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.237161, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.237256, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.237350, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.237440, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.237530, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.237616, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.237764, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.237900, 
10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.238077, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 14:52:42.238177, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.238273, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.238362, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.238452, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.238538, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.238689, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.238828, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.238922, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.239054, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.239152, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.239241, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.239333, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.239419, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 
14:52:42.239632, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.239753, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 14:52:42.239847, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.239944, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.240042, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.240134, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.240220, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.240373, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.240466, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.240555, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.240651, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.240741, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.240832, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.240918, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.241076, 10] 
registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.241275, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.241373, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.241464, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.241559, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.241652, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.241744, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.241904, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.242077, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.242219, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.242319, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.242414, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.242606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.243017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/02/20 14:52:42.243527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.243820, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.243925, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.244073, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.244166, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 14:52:42.244256, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.244370, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.244460, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.244585, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.244678, 8] 
registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.244768, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.244859, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.244960, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.245052, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.245186, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.245280, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.245373, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.245526, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/02/20 14:52:42.246663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size 
: 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.247663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.247858, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.247997, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.249039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.250020, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.250212, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.250309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/02/20 14:52:42.251228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.252226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.252417, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.252514, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.253798, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.254847, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.255115, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.255218, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.256224, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.257225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.257450, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.257550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/02/20 14:52:42.260178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.261151, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.261345, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.261443, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.262773, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.263750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.263945, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.264050, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/02/20 14:52:42.265646, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.266621, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.266811, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.266907, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.268083, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.269099, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.269291, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.269392, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.281816, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.282816, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.283017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.283115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.284305, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.285298, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.285490, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.285586, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.287001, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.288113, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.288358, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.288461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.289577, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.290588, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.290784, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.290882, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x6e (110) [1] : 0xef (239) [2] : 0xbe (190) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.292051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.292912, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.293108, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.293199, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.293294, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/02/20 14:52:42.293381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/02/20 14:52:42.293895, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.294441, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.294536, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.294630, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.294718, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.294806, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.294892, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.295054, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.295186, 10] 
../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.295287, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.295480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.295897, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.297176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.297386, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.297482, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/02/20 14:52:42.297577, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.297669, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.297758, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.297843, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.298012, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.298151, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.298246, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.298340, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.298428, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.298517, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.298601, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.298737, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.298869, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.299063, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.299242, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.299407, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.299527, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.299659, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.299746, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.299904, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.300077, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.300174, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.300268, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.300363, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.300452, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.300543, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.300630, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.300791, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.300883, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.301005, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.301129, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.301220, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.301313, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.301398, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.301546, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.301641, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.301732, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.301828, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.301918, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.302017, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.302104, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.302252, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.302390, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(5->4) [2012/02/20 14:52:42.302480, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.302572, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.302666, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.302783, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.302876, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.302971, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.303120, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.303260, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.303355, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.303449, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.303636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.304134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.305077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.305268, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.305360, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.305450, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.305543, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.305728, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.305849, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:42.305945, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.306083, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.306174, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.306265, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.306355, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.306445, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.306536, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.306627, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.306717, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.306808, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.306898, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.307118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.307749, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.308662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.308853, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.308945, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.309049, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 
(0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xd3 (211) [101] : 0x42 (66) [102] : 0x9f (159) [103] : 0x90 (144) [104] : 0x94 (148) [105] : 0x5f (95) [106] : 0x64 (100) [107] : 0xfd (253) [108] : 0xeb (235) [109] : 0x17 (23) [110] : 0x72 (114) [111] : 0x3b (59) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xd3 (211) [137] : 0x42 (66) [138] : 0x9f (159) [139] : 0x90 (144) [140] : 0x94 (148) [141] : 0x5f (95) [142] : 0x64 (100) [143] : 0xfd (253) [144] : 0xeb (235) [145] : 0x17 (23) [146] : 0x72 (114) [147] : 0x3b (59) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 
0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.320149, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.320472, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.320662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.320849, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.320942, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/02/20 14:52:42.321042, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.321417, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.321754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.321941, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.322149, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.322236, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.322325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.322708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.323049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.323239, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.323424, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.323519, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.323612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.323991, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.324300, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.324485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.324669, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.324757, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.324879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.325351, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.325459, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.325546, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.325634, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.325720, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.325987, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.326115, 4] printing/printing.c:1288(print_cache_expired) print_cache_expired: cache expired for queue poe (last_qscan_time = 1329774490, time now = 1329774762, qcachetime = 30) [2012/02/20 14:52:42.326265, 10] printing/printing.c:1815(print_queue_update) print_queue_update: Sending message -> printer = poe, type = 8, lpq command = [poe] lprm command = [] [2012/02/20 14:52:42.326428, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/02/20 14:52:42.326519, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_UPDATE (517) dest: struct server_id pid : 0x00000611 (1553) vnn : 0xffffffff 
(4294967295) unique_id : 0x0d94bc75dd341bb3 (978614233454615475) src: struct server_id pid : 0x00006c59 (27737) vnn : 0xffffffff (4294967295) unique_id : 0x0d94bc75dd341bb3 (978614233454615475) buf : DATA_BLOB length=13 [0000] 70 6F 65 00 08 00 00 00 70 6F 65 00 00 poe..... poe.. [2012/02/20 14:52:42.327597, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\earth' printername : * printername : '\\earth\poe' sharename : * sharename : 'poe' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : 'Double sided LaserJet 5m by fax machine' location : * location : 'Fax Machine' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\earth\poe' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : 
DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: 
SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: 
SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: 
PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000328 (808) result : WERR_OK [2012/02/20 14:52:42.342260, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:42.342465, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/02/20 14:52:42.342589, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/02/20 14:52:42.342683, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/02/20 14:52:42.342792, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112
[2012/02/20 14:52:42.368967, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2012/02/20 14:52:42.369162, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/02/20 14:52:42.369270, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/02/20 14:52:42.369383, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/02/20 14:52:42.369493, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.369546, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22785 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/02/20 14:52:42.370454, 10] ../lib/util/util.c:415(dump_data)
[2012/02/20 14:52:42.373426, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 58 [2012/02/20 14:52:42.373561, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3a [2012/02/20 14:52:42.373702, 3] smbd/process.c:1662(process_smb) Transaction 37 of length 62 (0 toread) [2012/02/20 14:52:42.373798, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.373848, 5] lib/util.c:342(show_msg) size=58 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1620 smb_uid=100 smb_mid=22850 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=19 [2012/02/20 14:52:42.374398, 10] ../lib/util/util.c:415(dump_data) [0000] 04 57 00 49 00 4E 00 47 00 55 00 45 00 53 00 54 .W.I.N.G .U.E.S.T [0010] 00 00 00 ... [2012/02/20 14:52:42.374587, 3] smbd/process.c:1467(switch_message) switch message SMBsplopen (pid 27737) conn 0x96a9508 [2012/02/20 14:52:42.374687, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.374780, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:42.375350, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:42.375605, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:42.375772, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/spool/samba [2012/02/20 14:52:42.375975, 5] smbd/files.c:126(file_new) allocated file structure 11489, fnum = 15585 (3 used) [2012/02/20 14:52:42.376835, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to spoolss pipe. 
[2012/02/20 14:52:42.377041, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/02/20 14:52:42.377148, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/02/20 14:52:42.377254, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/02/20 14:52:42.377414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'miro' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x02000000 (33554432) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: miro [2012/02/20 14:52:42.378150, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [miro] [2012/02/20 14:52:42.378242, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.378432, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=miro Printer is a printer [2012/02/20 14:52:42.378552, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=miro (len=4) searching for [miro] [2012/02/20 14:52:42.378732, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/miro and timeout = Mon Feb 20 14:57:42 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: miro -> miro [2012/02/20 14:52:42.379068, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/02/20 14:52:42.379165, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.379376, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.379560, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:miro [2012/02/20 14:52:42.379687, 3] lib/access.c:338(allow_access) Allowed connection from 10.10.20.205 (10.10.20.205) [2012/02/20 14:52:42.381455, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share miro is ok for unix user winguest [2012/02/20 14:52:42.381667, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.381788, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg [2012/02/20 14:52:42.381917, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.382060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.382590, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.382689, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.382799, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.382891, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.382989, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.383077, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.383374, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.383482, 10] 
registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:42.383577, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.383668, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.383756, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.383841, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.384022, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.384169, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.384271, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.384507, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.384916, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.386008, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.386195, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.386287, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.386381, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.386467, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.386557, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.386643, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.386822, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.386976, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.387074, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.387169, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.387257, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.387345, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.387430, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.387571, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.387706, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.387830, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.387922, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.388031, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.388118, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.388207, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.388292, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.388433, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.388567, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.388659, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.388751, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.388845, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.388933, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.389056, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.389144, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.389336, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.389440, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.389538, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.389635, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.389724, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.389815, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.389900, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.390088, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.390183, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.390274, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.390369, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.390458, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.390550, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.390635, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.390784, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.390985, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:42.391083, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [miro] [2012/02/20 14:52:42.391175, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.391270, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.391360, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.391452, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.391537, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.391684, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.391841, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.391944, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.392057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.392257, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.392664, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.393492, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.393675, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.393766, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.393854, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro' (ops 0xb037c0) [2012/02/20 14:52:42.393984, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.394164, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.394267, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 14 [2012/02/20 
14:52:42.394357, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.394446, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.394537, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default DevMode], len: 220 [2012/02/20 14:52:42.394629, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Printer Driver], len: 56 [2012/02/20 14:52:42.394719, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Location], len: 26 [2012/02/20 14:52:42.394809, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Parameters], len: 2 [2012/02/20 14:52:42.394898, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.395000, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 10 [2012/02/20 14:52:42.395090, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 42 [2012/02/20 14:52:42.395181, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.395272, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Separator File], len: 2 [2012/02/20 14:52:42.395418, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 10 [2012/02/20 14:52:42.395510, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.395602, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Status], len: 4 [2012/02/20 14:52:42.395694, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.395786, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 232 [2012/02/20 14:52:42.395906, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.396025, 1] 
../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000e8 (232) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.396559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000e8 (232) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.397828, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.398095, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:42.398190, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.398294, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(232) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x0c (12) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x2c (44) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x01 (1) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x12 (18) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x01 (1) [33] : 0x01 (1) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x05 (5) [40] : 0x12 (18) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x02 (2) [45] : 0x00 (0) [46] : 0xbc (188) [47] : 0x00 (0) [48] : 0x07 (7) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x24 (36) [55] : 0x00 (0) [56] : 0x0c (12) [57] : 0x00 (0) [58] : 0x0f (15) [59] : 0x00 (0) [60] : 0x01 (1) [61] : 0x05 (5) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x00 (0) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x05 (5) [68] : 0x15 (21) [69] : 0x00 (0) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0xd3 (211) [73] : 0x42 (66) [74] : 0x9f (159) [75] : 0x90 (144) [76] : 0x94 (148) [77] : 0x5f (95) [78] : 0x64 (100) [79] : 0xfd (253) [80] : 0xeb (235) [81] : 0x17 (23) [82] : 0x72 (114) [83] : 0x3b (59) [84] : 0x9a (154) [85] : 0x3a (58) [86] : 0x00 (0) [87] : 0x00 (0) [88] : 0x00 
(0) [89] : 0x09 (9) [90] : 0x24 (36) [91] : 0x00 (0) [92] : 0x30 (48) [93] : 0x00 (0) [94] : 0x0f (15) [95] : 0x00 (0) [96] : 0x01 (1) [97] : 0x05 (5) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x00 (0) [101] : 0x00 (0) [102] : 0x00 (0) [103] : 0x05 (5) [104] : 0x15 (21) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0xd3 (211) [109] : 0x42 (66) [110] : 0x9f (159) [111] : 0x90 (144) [112] : 0x94 (148) [113] : 0x5f (95) [114] : 0x64 (100) [115] : 0xfd (253) [116] : 0xeb (235) [117] : 0x17 (23) [118] : 0x72 (114) [119] : 0x3b (59) [120] : 0x9a (154) [121] : 0x3a (58) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x09 (9) [126] : 0x14 (20) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x10 (16) [132] : 0x01 (1) [133] : 0x01 (1) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x03 (3) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x14 (20) [147] : 0x00 (0) [148] : 0x08 (8) [149] : 0x00 (0) [150] : 0x02 (2) [151] : 0x00 (0) [152] : 0x01 (1) [153] : 0x01 (1) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x01 (1) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x0a (10) [166] : 0x14 (20) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x20 (32) [172] : 0x01 (1) [173] : 0x01 (1) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x01 (1) [180] : 0x00 (0) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x18 (24) [187] : 0x00 (0) [188] : 0x0c (12) [189] : 0x00 (0) [190] : 0x0f (15) [191] : 0x00 (0) [192] : 0x01 (1) [193] : 0x02 (2) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x00 (0) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x05 (5) [200] : 0x20 (32) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x20 
(32) [205] : 0x02 (2) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x0b (11) [210] : 0x18 (24) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x10 (16) [216] : 0x01 (1) [217] : 0x02 (2) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x00 (0) [221] : 0x00 (0) [222] : 0x00 (0) [223] : 0x05 (5) [224] : 0x20 (32) [225] : 0x00 (0) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x20 (32) [229] : 0x02 (2) [230] : 0x00 (0) [231] : 0x00 (0) data_size : * data_size : 0x000000e8 (232) data_length : * data_length : 0x000000e8 (232) result : WERR_OK [2012/02/20 14:52:42.408631, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.408968, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.409181, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.409366, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.409462, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.409551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.409986, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.410320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.410653, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.410984, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.411087, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.411211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.411596, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x000f000c [2012/02/20 14:52:42.411691, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20000000 to 0x00020008 [2012/02/20 14:52:42.411778, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x000f000c [2012/02/20 14:52:42.411867, 4] printing/nt_printing.c:1793(print_access_check) access check was FAILURE [2012/02/20 14:52:42.413505, 3] rpc_server/spoolss/srv_spoolss_nt.c:1904(_spoolss_OpenPrinterEx) access DENIED for printer open [2012/02/20 14:52:42.413684, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.413872, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.414117, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.414217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_ACCESS_DENIED [2012/02/20 14:52:42.414623, 5] smbd/files.c:464(file_free) freed files structure 15585 (2 used) [2012/02/20 14:52:42.414725, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(5215) cmd=192 (SMBsplopen) NT_STATUS_ACCESS_DENIED [2012/02/20 14:52:42.414819, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.414871, 5] lib/util.c:342(show_msg) size=35 smb_com=0xc0 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=1620 smb_uid=100 smb_mid=22850 smt_wct=0 smb_bcc=0 [2012/02/20 14:52:42.415350, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:42.415472, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/02/20 14:52:42.415633, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/02/20 14:52:42.415722, 3] smbd/process.c:1662(process_smb) Transaction 38 of length 63 (0 toread) [2012/02/20 14:52:42.415810, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.415860, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22913 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15584 (0x3CE0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3112 (0xC28) smb_vwv[ 6]= 3112 (0xC28) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3112 (0xC28) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/02/20 14:52:42.416787, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:42.416848, 3] smbd/process.c:1467(switch_message) switch message SMBreadX 
(pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.416953, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.417074, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:42.417520, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:42.417715, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:42.417814, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/02/20 14:52:42.417918, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3112 [2012/02/20 14:52:42.418068, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2012/02/20 14:52:42.418178, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4092 [2012/02/20 14:52:42.418292, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.418412, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. 
There is more data outstanding [2012/02/20 14:52:42.418506, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3112 max=3112 nread=3112 [2012/02/20 14:52:42.419736, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/02/20 14:52:42.420076, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/02/20 14:52:42.420292, 3] smbd/process.c:1662(process_smb) Transaction 39 of length 4244 (0 toread) [2012/02/20 14:52:42.420433, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.420509, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22977 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15584 (0x3CE0) smb_bcc=4173 [2012/02/20 14:52:42.421775, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 04 00 00 ........ .<...... [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 0D 00 00 .$...... ........ [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 02 00 00 .....BO. .Yl..... [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2012/02/20 14:52:42.424297, 3] smbd/process.c:1467(switch_message)
  switch message SMBtrans (pid 27737) conn 0x9697a50
[2012/02/20 14:52:42.424394, 4] smbd/uid.c:351(change_to_user)
  Skipping user change - already user
[2012/02/20 14:52:42.424532, 3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=4156 params=0 setup=2
[2012/02/20 14:52:42.424654, 5] smbd/ipc.c:593(handle_trans)
  calling named_pipe
[2012/02/20 14:52:42.424741, 3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2012/02/20 14:52:42.424828, 5] smbd/ipc.c:434(api_fd_reply)
  api_fd_reply
[2012/02/20 14:52:42.424912, 3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "spoolss" (pnum 3ce0)
[2012/02/20 14:52:42.425010, 10] smbd/ipc.c:477(api_fd_reply)
  api_fd_reply: p:0x9617028 max_trans_reply: 4136
[2012/02/20 14:52:42.425131, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send)
  np_write_send: len: 4156
[2012/02/20 14:52:42.425223, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe)
  write_to_pipe: data_left = 4156
[2012/02/20 14:52:42.425310, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data)
  process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156
[2012/02/20 14:52:42.425400, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header)
  fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0
[2012/02/20 14:52:42.425490, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe)
  write_to_pipe: data_used = 16
[2012/02/20 14:52:42.425576, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe)
  write_to_pipe: data_left = 4140
[2012/02/20 14:52:42.425664, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data)
  process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140
[2012/02/20 14:52:42.425811, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe)
  write_to_pipe: data_used = 0
[2012/02/20 14:52:42.425898, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe)
  write_to_pipe: data_left = 4140
[2012/02/20 14:52:42.426009, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data)
  process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140
[2012/02/20 14:52:42.426112, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu)
  PDU is in Little Endian format!
[2012/02/20 14:52:42.426219, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
  r: struct ncacn_packet
      rpc_vers : 0x05 (5)
      rpc_vers_minor : 0x00 (0)
      ptype : DCERPC_PKT_REQUEST (0)
      pfc_flags : 0x03 (3)
      drep: ARRAY(4)
          [0] : 0x10 (16)
          [1] : 0x00 (0)
          [2] : 0x00 (0)
          [3] : 0x00 (0)
      frag_length : 0x103c (4156)
      auth_length : 0x0000 (0)
      call_id : 0x00000004 (4)
      u : union dcerpc_payload(case 0)
      request: struct dcerpc_request
          alloc_hint : 0x00001024 (4132)
          context_id : 0x0000 (0)
          opnum : 0x0008 (8)
          object : union dcerpc_object(case 0)
          empty: struct dcerpc_empty
          _pad : DATA_BLOB length=0
          stub_and_verifier : DATA_BLOB length=4132
[2012/02/20 14:52:42.454527, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu)
  Processing packet type 0
[2012/02/20 14:52:42.454644, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request)
  Checking request auth.
[2012/02/20 14:52:42.454746, 5] rpc_server/srv_pipe.c:1571(api_pipe_request)
  Requested \PIPE\\spoolss
[2012/02/20 14:52:42.454887, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP)
  api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER
[2012/02/20 14:52:42.454995, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP)
  api_rpc_cmds[8].fn == 0x442b10
[2012/02/20 14:52:42.455097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
  spoolss_GetPrinter: struct spoolss_GetPrinter
      in: struct spoolss_GetPrinter
          handle : *
              handle: struct policy_handle
                  handle_type : 0x00000000 (0)
                  uuid : 0000000d-0000-0000-424f-aac0596c0000
          level : 0x00000002 (2)
          buffer : *
              buffer : DATA_BLOB length=4096
[0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
offered : 0x00001000 (4096) [2012/02/20 14:52:42.480443, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.480651, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.480833, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:poe [2012/02/20 14:52:42.480938, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.481050, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.481143, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.481255, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.481380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.481948, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.482056, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.482153, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.482239, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.482326, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: 
(NULL) [2012/02/20 14:52:42.482411, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.482690, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.482791, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:42.482904, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.483046, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.483164, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.483252, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.483427, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.483605, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.483835, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.484111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.484533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.485644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.485832, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.485925, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.486055, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.486144, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.486234, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.486320, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.486493, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.486631, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.486727, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.486819, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.486907, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.487027, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.487114, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.487261, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.487395, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.487487, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.487578, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.487673, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.487760, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.487848, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.487933, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.488083, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.488215, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.488306, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.488398, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.488492, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.488583, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.488673, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.488795, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.488983, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.489095, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.489188, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.489283, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.489373, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.489465, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.489551, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.489704, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.489796, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.489887, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.489992, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.490082, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.490173, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.490258, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.490407, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.490545, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:42.490637, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.490728, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.490822, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.490912, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.491012, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.491098, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.491244, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.491381, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.491477, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.491570, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.491788, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.492193, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/02/20 14:52:42.492695, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.492952, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.493057, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.493194, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.493412, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 14:52:42.493547, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.493640, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.493730, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.493821, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.493911, 8] 
registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.494011, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.494102, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.494192, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.494281, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.494371, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.494460, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.494554, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.494711, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/02/20 14:52:42.495817, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size 
: 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.496777, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.496975, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.497074, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.498075, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.499090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.499283, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.499380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/02/20 14:52:42.500402, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.501373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.501564, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.501663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.502879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.503834, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.504033, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.504130, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.505173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.506203, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.506392, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.506490, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/02/20 14:52:42.509268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.510244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.510436, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.510535, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.511712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.512792, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.513027, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.513134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/02/20 14:52:42.514668, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.515671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.515891, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.515993, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.517034, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.518064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.518258, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.518358, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.530726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.531707, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.531900, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.532036, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.533344, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.534319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.534511, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.534611, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.535667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.536619, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.536807, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.536903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.537896, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.539090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.539298, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.539400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x6e (110) [1] : 0xef (239) [2] : 0xbe (190) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.540479, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.541308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.541492, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.541582, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.541675, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/02/20 14:52:42.541762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/02/20 14:52:42.542392, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.542942, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.543047, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.543141, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.543229, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.543317, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.543403, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.543558, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.543690, 10] 
../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.543790, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.543989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.544379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.545472, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.545702, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.545795, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/02/20 14:52:42.545889, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.545983, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.546072, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.546157, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.546310, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.546441, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.546535, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.546627, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.546714, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.546802, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.546887, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.547033, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.547164, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.547255, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.547435, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.547565, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.547654, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.547745, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.547831, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.547987, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.548126, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.548234, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.548338, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.548433, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.548521, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.548612, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.548699, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.548864, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.548967, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.549060, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.549189, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.549279, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.549371, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.549457, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.549601, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.549693, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.549783, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.549877, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.549975, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.550067, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.550153, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.550301, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.550438, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(5->4) [2012/02/20 14:52:42.550527, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.550620, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.550714, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.550802, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.550893, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.550985, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.551131, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.551268, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.551362, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.551454, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.551639, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.552166, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.553045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.553238, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.553328, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.553417, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.553509, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.553664, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.553758, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:42.553848, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.553938, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.554036, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.554126, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.554215, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.554306, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.554396, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.554487, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.554577, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.554667, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.554757, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.554851, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.555388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.556284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.556472, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.556672, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.556827, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.568292, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.568685, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.568911, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.569141, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.569247, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/02/20 14:52:42.569347, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.569772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.570274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.570585, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.570777, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.570865, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.570956, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.571354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.571692, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.571876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.572065, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.572160, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.572249, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.572617, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.572917, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.573135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.573322, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.573409, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.573530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.574089, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\earth' printername : * printername : '\\earth\poe' sharename : * sharename : 'poe' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : 'Double sided LaserJet 5m by fax machine' location : * location : 'Fax Machine' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\earth\poe' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 
0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 
0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : 
union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000328 (808) result : WERR_OK [2012/02/20 14:52:42.586739, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:42.586860, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/02/20 14:52:42.586990, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/02/20 14:52:42.587126, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/02/20 14:52:42.587240, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 
[0F80] 65 00 72 00 4A 00 65 00 74 00 20 00 35 00 6D 00 e.r.J.e. t. .5.m. [0F90] 20 00 62 00 79 00 20 00 66 00 61 00 78 00 20 00 .b.y. . f.a.x. . [0FA0] 6D 00 61 00 63 00 68 00 69 00 6E 00 65 00 00 00 m.a.c.h. i.n.e... [0FB0] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. [0FD0] 6F 00 72 00 74 00 00 00 70 00 6F 00 65 00 00 00 o.r.t... p.o.e... [0FE0] 5C 00 5C 00 65 00 61 00 72 00 74 00 68 00 5C 00 \.\.e.a. r.t.h.\. [0FF0] 70 00 6F 00 65 00 00 00 5C 00 5C 00 65 00 61 00 p.o.e... \.\.e.a. [1000] 72 00 74 00 68 00 00 00 28 03 00 00 00 00 00 00 r.t.h... (....... [2012/02/20 14:52:42.612976, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4092 [2012/02/20 14:52:42.613137, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.613263, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2012/02/20 14:52:42.613360, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..4136] (align 0) [2012/02/20 14:52:42.613454, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.613504, 5] lib/util.c:342(show_msg) size=4192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=22977 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4136 (0x1028) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 4136 (0x1028) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=4137 [2012/02/20 14:52:42.614328, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 04 00 00 ........ .(...... [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ [0020] 00 F0 0F 00 00 D8 0F 00 00 D0 0F 00 00 AA 0F 00 ........ ........ 
[0030] 00 A8 0F 00 00 58 0F 00 00 40 0F 00 00 44 0E 00 .....X.. .@...D.. [0040] 00 3E 0F 00 00 2C 0F 00 00 24 0F 00 00 22 0F 00 .>...,.. .$...".. [0050] 00 4C 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .L...H.. ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/02/20 14:52:42.617714, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 148 [2012/02/20 14:52:42.617909, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x94 [2012/02/20 14:52:42.618012, 3] smbd/process.c:1662(process_smb) Transaction 40 of length 152 (0 toread) [2012/02/20 14:52:42.618100, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.618150, 5] lib/util.c:342(show_msg) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23041 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15584 (0x3CE0) smb_bcc=81 [2012/02/20 14:52:42.619182, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 40 00 00 00 05 00 00 ........ .@...... [0020] 00 28 00 00 00 00 00 04 00 00 00 00 00 0D 00 00 .(...... ........ [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... [0040] 00 FF FF FF FF 02 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 . 
[2012/02/20 14:52:42.619663, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.619755, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.619853, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=64 params=0 setup=2 [2012/02/20 14:52:42.619945, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:42.620037, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:42.620123, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:42.620208, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce0) [2012/02/20 14:52:42.620295, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x9617028 max_trans_reply: 4136 [2012/02/20 14:52:42.620396, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 64 [2012/02/20 14:52:42.620496, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 64 [2012/02/20 14:52:42.620588, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 [2012/02/20 14:52:42.620678, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.620768, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.620853, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 48 [2012/02/20 14:52:42.620939, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 [2012/02/20 14:52:42.621039, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.621125, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 48 [2012/02/20 
14:52:42.621212, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 [2012/02/20 14:52:42.621302, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:42.621401, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0040 (64) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000028 (40) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=40 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 Yl...... ........ [0020] 00 00 00 00 00 00 00 00 ........ [2012/02/20 14:52:42.622656, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:42.622745, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/02/20 14:52:42.622941, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:42.623084, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS [2012/02/20 14:52:42.623205, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x4424e0 [2012/02/20 14:52:42.623332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs in: struct spoolss_EnumJobs handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-424f-aac0596c0000 firstjob : 0x00000000 (0) numjobs : 0xffffffff (4294967295) level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2012/02/20 14:52:42.624195, 4] rpc_server/spoolss/srv_spoolss_nt.c:7060(_spoolss_EnumJobs) _spoolss_EnumJobs [2012/02/20 14:52:42.624370, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.624907, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:poe [2012/02/20 14:52:42.625084, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.625462, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.625806, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.626187, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.626436, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.627391, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.627566, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.627717, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.627853, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.628003, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.628135, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.628519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.628688, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. 
refcount reset (1) [2012/02/20 14:52:42.628844, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.629004, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.629154, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.629267, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.629736, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.630241, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.630588, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.631214, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.631687, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: 
KEY_WOW64_32KEY [2012/02/20 14:52:42.632818, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.633137, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.633242, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.633341, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.633429, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.633517, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.633609, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.633788, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.633926, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.634040, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.634134, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.634222, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.634310, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.634394, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.634539, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.634677, 
10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.634768, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 14:52:42.634859, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.634954, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.635070, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.635160, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.635246, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.635389, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.635522, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.635618, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.635711, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.635804, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.635892, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.636001, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.636089, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 
14:52:42.636257, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.636349, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 14:52:42.636473, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.636574, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.636664, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.636756, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.636841, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.637004, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.637096, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.637187, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.637280, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.637369, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.637460, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.637545, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.637697, 10] 
registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.637834, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.637923, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.638039, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.638136, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.638225, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.638317, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.638401, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.638549, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.638693, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.638789, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.638882, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.639093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.639527, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/02/20 14:52:42.640053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.640309, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.640405, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.640544, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.640641, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 14:52:42.640731, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.640820, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.640910, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.641030, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.641123, 8] 
registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.641214, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.641304, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.641394, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.641484, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.641580, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.641670, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.641761, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.641902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/02/20 14:52:42.643029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size 
: 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.643947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.644159, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.644259, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.645210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.646156, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.646341, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.646437, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/02/20 14:52:42.647325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.648247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.648431, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.648527, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.649674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.650607, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.650793, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.650889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.651834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.652783, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.652985, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.653089, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/02/20 14:52:42.655572, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.656505, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.656695, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.656792, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.657990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.658932, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.659143, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.659241, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/02/20 14:52:42.661194, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.662484, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.662722, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.662826, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.663839, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.664767, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.664954, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.665083, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.676585, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.677531, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.677722, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.677820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.678996, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.679910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.680119, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.680218, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.681187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.682187, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.682378, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.682476, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.683455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.684378, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.684565, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.684694, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x6e (110) [1] : 0xef (239) [2] : 0xbe (190) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.685708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.686563, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.686754, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.686845, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.686937, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/02/20 14:52:42.687044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/02/20 14:52:42.687539, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.688117, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.688213, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.688306, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.688393, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.688480, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.688568, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.688721, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.688852, 10] 
../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.688952, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.689173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.689567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.690647, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.690839, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.690931, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/02/20 14:52:42.691033, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.691119, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.691240, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.691325, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.691477, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.691613, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.691707, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.691801, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.691888, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.691998, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.692089, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.692228, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.692360, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.692452, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.692541, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.692640, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.692727, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.692815, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.692900, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.693093, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.693230, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.693322, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.693414, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.693508, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.693599, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.693689, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.693774, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.693930, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.694033, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.694124, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.694218, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.694307, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.694398, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.694514, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.694662, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.694754, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.694845, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.694939, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.695070, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.695164, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.695249, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.695401, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.695540, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(5->4) [2012/02/20 14:52:42.695635, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [poe] [2012/02/20 14:52:42.695727, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:42.695822, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.695911, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.696055, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.696169, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.696328, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.696471, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.696574, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:42.696668, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.696859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.697280, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.698164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.698357, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.698447, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.698535, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) [2012/02/20 14:52:42.698630, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.698777, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.698869, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:42.698971, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.699069, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.699159, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.699249, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 8 [2012/02/20 14:52:42.699339, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.699428, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.699518, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.699611, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 8 [2012/02/20 14:52:42.699699, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.699788, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.699878, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.699979, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.700474, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.701394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.701590, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] [2012/02/20 14:52:42.701680, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.701773, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 
(0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xd3 (211) [101] : 0x42 (66) [102] : 0x9f (159) [103] : 0x90 (144) [104] : 0x94 (148) [105] : 0x5f (95) [106] : 0x64 (100) [107] : 0xfd (253) [108] : 0xeb (235) [109] : 0x17 (23) [110] : 0x72 (114) [111] : 0x3b (59) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xd3 (211) [137] : 0x42 (66) [138] : 0x9f (159) [139] : 0x90 (144) [140] : 0x94 (148) [141] : 0x5f (95) [142] : 0x64 (100) [143] : 0xfd (253) [144] : 0xeb (235) [145] : 0x17 (23) [146] : 0x72 (114) [147] : 0x3b (59) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 
0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.712769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.713113, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.713305, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.713490, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.713588, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/02/20 14:52:42.713679, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.714197, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.714600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.714860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.715145, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.715304, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.715439, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.716134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.716751, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.717052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.717352, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.717478, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.717598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.718249, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.718732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.719135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.719357, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.719448, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.719582, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.720146, 5] printing/printing.c:3056(get_stored_queue_info) get_stored_queue_info: qcount = 0, extra_count = 0 count:[0], status:[0], [] [2012/02/20 14:52:42.720304, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs out: struct spoolss_EnumJobs count : * count : 0x00000000 (0) info : * info : NULL needed : * needed : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.720741, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:42.720850, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 48 [2012/02/20 14:52:42.720991, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/02/20 14:52:42.721093, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 16. 
[2012/02/20 14:52:42.721201, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0028 (40) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000010 (16) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=16 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/02/20 14:52:42.722312, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1341 [2012/02/20 14:52:42.722416, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.722536, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 40 bytes. There is no more data outstanding [2012/02/20 14:52:42.722636, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/02/20 14:52:42.722727, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.722777, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23041 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/02/20 14:52:42.723609, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... [0010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 ........ . 
[2012/02/20 14:52:42.724500, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/02/20 14:52:42.724735, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/02/20 14:52:42.724839, 3] smbd/process.c:1662(process_smb) Transaction 41 of length 132 (0 toread) [2012/02/20 14:52:42.724928, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.724992, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23105 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15584 (0x3CE0) smb_bcc=61 [2012/02/20 14:52:42.726099, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 .....BO. .Yl.. 
[2012/02/20 14:52:42.726462, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.726555, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.726654, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/02/20 14:52:42.726747, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:42.726831, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:42.726918, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:42.727026, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce0) [2012/02/20 14:52:42.727157, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x9617028 max_trans_reply: 4136 [2012/02/20 14:52:42.727246, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/02/20 14:52:42.727337, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/02/20 14:52:42.727425, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/02/20 14:52:42.727514, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.727604, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.727690, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/02/20 14:52:42.727783, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/02/20 14:52:42.727891, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.727990, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/02/20 
14:52:42.728077, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/02/20 14:52:42.728167, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:42.728265, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.729385, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:42.729476, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/02/20 14:52:42.729565, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:42.729660, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/02/20 14:52:42.729752, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x444cd0 [2012/02/20 14:52:42.729858, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.730192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ 
....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.730414, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.730602, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.730788, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.730875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.731231, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:42.731344, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/02/20 14:52:42.731469, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/02/20 14:52:42.731563, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/02/20 14:52:42.731668, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0010] 00 00 00 00 00 00 00 00 ........ [2012/02/20 14:52:42.732711, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2012/02/20 14:52:42.732819, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/02/20 14:52:42.732912, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/02/20 14:52:42.733021, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.733073, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23105 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/02/20 14:52:42.733919, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2012/02/20 14:52:42.734405, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/02/20 14:52:42.734530, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/02/20 14:52:42.734620, 3] smbd/process.c:1662(process_smb) Transaction 42 of length 106 (0 toread) [2012/02/20 14:52:42.734706, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.734756, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23170 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/02/20 14:52:42.736142, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/02/20 14:52:42.736340, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.736432, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.736527, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/02/20 14:52:42.736625, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. 
[2012/02/20 14:52:42.736721, 5] smbd/files.c:126(file_new) allocated file structure 11490, fnum = 15586 (3 used) [2012/02/20 14:52:42.736820, 10] smbd/files.c:618(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/02/20 14:52:42.736921, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/02/20 14:52:42.737036, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 3 for pipe \spoolss [2012/02/20 14:52:42.737146, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/02/20 14:52:42.737243, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/02/20 14:52:42.737526, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/02/20 14:52:42.737640, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/02/20 14:52:42.737729, 3] smbd/process.c:1662(process_smb) Transaction 43 of length 45 (0 toread) [2012/02/20 14:52:42.737816, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.737867, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23234 smt_wct=3 smb_vwv[ 0]=15584 (0x3CE0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/02/20 14:52:42.738467, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:42.738526, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.738617, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.738705, 3] smbd/reply.c:4846(reply_close) close fd=-1 fnum=15584 (numopen=2) [2012/02/20 14:52:42.738837, 6] smbd/close.c:527(set_close_write_time) close_write_time: Wed Dec 31 16:59:59 1969 [2012/02/20 14:52:42.738947, 5] smbd/files.c:464(file_free) freed files structure 15584 (2 used) 
[2012/02/20 14:52:42.739125, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.739183, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23234 smt_wct=0 smb_bcc=0 [2012/02/20 14:52:42.739648, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:42.739933, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 180 [2012/02/20 14:52:42.740060, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb4 [2012/02/20 14:52:42.740150, 3] smbd/process.c:1662(process_smb) Transaction 44 of length 184 (0 toread) [2012/02/20 14:52:42.740237, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.740287, 5] lib/util.c:342(show_msg) size=180 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23298 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15586 (0x3CE2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 116 (0x74) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 116 (0x74) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=117 [2012/02/20 14:52:42.741255, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 74 00 00 00 02 00 00 ........ .t...... [0010] 00 B8 10 B8 10 00 00 00 00 02 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 2C 1C B7 6C 12 98 40 45 03 00 00 00 00 00 00 .,..l..@ E....... [0070] 00 01 00 00 00 ..... 
[2012/02/20 14:52:42.741885, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.741998, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.742091, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 3ce2 name: spoolss len: 116 [2012/02/20 14:52:42.742181, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 116 [2012/02/20 14:52:42.742271, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 116 [2012/02/20 14:52:42.742359, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 116 [2012/02/20 14:52:42.742449, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.742542, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.742628, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2012/02/20 14:52:42.742714, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 100 [2012/02/20 14:52:42.742804, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.742890, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2012/02/20 14:52:42.742983, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 100, incoming data = 100 [2012/02/20 14:52:42.743073, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/02/20 14:52:42.743210, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0074 (116) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x02 (2) ctx_list: ARRAY(2) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/02/20 14:52:42.744974, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/02/20 14:52:42.745073, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/02/20 14:52:42.745164, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/02/20 14:52:42.745254, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/02/20 14:52:42.745360, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/02/20 14:52:42.745474, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/02/20 14:52:42.746753, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 100 [2012/02/20 14:52:42.746870, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=116 [2012/02/20 14:52:42.747258, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/02/20 14:52:42.747389, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/02/20 14:52:42.747477, 3] smbd/process.c:1662(process_smb) Transaction 45 of length 63 (0 toread) [2012/02/20 14:52:42.747566, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.747616, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23362 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15586 (0x3CE2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/02/20 14:52:42.748542, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:42.748604, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.748694, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.748787, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/02/20 14:52:42.748880, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/02/20 14:52:42.748983, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2012/02/20 14:52:42.749093, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/02/20 14:52:42.749182, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/02/20 14:52:42.749519, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 278 [2012/02/20 14:52:42.749631, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x116 [2012/02/20 14:52:42.749720, 3] smbd/process.c:1662(process_smb) Transaction 46 of length 282 (0 toread) [2012/02/20 14:52:42.749808, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.749858, 5] lib/util.c:342(show_msg) size=278 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23426 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 194 (0xC2) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 194 (0xC2) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 
38 (0x26) smb_vwv[15]=15586 (0x3CE2) smb_bcc=211 [2012/02/20 14:52:42.750903, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 C2 00 00 00 02 00 00 ........ ........ [0020] 00 AA 00 00 00 00 00 45 00 00 00 02 00 0E 00 00 .......E ........ [0030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 45 00 41 ........ .\.\.E.A [0040] 00 52 00 54 00 48 00 5C 00 66 00 72 00 6F 00 73 .R.T.H.\ .f.r.o.s [0050] 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .t...... ........ [0060] 00 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 ........ ........ [0070] 00 1C 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 ........ ........ [0080] 00 03 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ [0090] 00 00 00 00 00 07 00 00 00 48 00 45 00 53 00 54 ........ .H.E.S.T [00A0] 00 49 00 41 00 00 00 00 00 0F 00 00 00 00 00 00 .I.A.... ........ [00B0] 00 0F 00 00 00 43 00 4F 00 2D 00 52 00 41 00 5C .....C.O .-.R.A.\ [00C0] 00 77 00 69 00 6E 00 67 00 75 00 65 00 73 00 74 .w.i.n.g .u.e.s.t [00D0] 00 00 00 ... 
[2012/02/20 14:52:42.752045, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.752143, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.752241, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=194 params=0 setup=2 [2012/02/20 14:52:42.752333, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:42.752418, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:42.752504, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:42.752593, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce2) [2012/02/20 14:52:42.752681, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x96a87b8 max_trans_reply: 1024 [2012/02/20 14:52:42.752770, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 194 [2012/02/20 14:52:42.752860, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 194 [2012/02/20 14:52:42.752948, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 194 [2012/02/20 14:52:42.753064, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 194, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.753155, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.753240, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 178 [2012/02/20 14:52:42.753326, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 178 [2012/02/20 14:52:42.753416, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.753502, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 178 [2012/02/20 
14:52:42.753589, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 178, incoming data = 178 [2012/02/20 14:52:42.753679, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:42.753776, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c2 (194) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000aa (170) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=170 [0000] 00 00 02 00 0E 00 00 00 00 00 00 00 0E 00 00 00 ........ ........ [0010] 5C 00 5C 00 45 00 41 00 52 00 54 00 48 00 5C 00 \.\.E.A. R.T.H.\. [0020] 66 00 72 00 6F 00 73 00 74 00 00 00 00 00 00 00 f.r.o.s. t....... [0030] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........ [0040] 01 00 00 00 04 00 02 00 1C 00 00 00 08 00 02 00 ........ ........ [0050] 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 ........ ........ [0070] 48 00 45 00 53 00 54 00 49 00 41 00 00 00 00 00 H.E.S.T. I.A..... [0080] 0F 00 00 00 00 00 00 00 0F 00 00 00 43 00 4F 00 ........ ....C.O. [0090] 2D 00 52 00 41 00 5C 00 77 00 69 00 6E 00 67 00 -.R.A.\. w.i.n.g. [00A0] 75 00 65 00 73 00 74 00 00 00 u.e.s.t. .. [2012/02/20 14:52:42.755808, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:42.755901, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/02/20 14:52:42.756014, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:42.756113, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/02/20 14:52:42.756207, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x4473d0 [2012/02/20 14:52:42.756309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\EARTH\frost' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x0000001c (28) client : * client : 'HESTIA' user : * user : 'CO-RA\winguest' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_INTEL (0) checking name: \\EARTH\frost [2012/02/20 14:52:42.757540, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\EARTH\frost] [2012/02/20 14:52:42.757641, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.757839, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\EARTH\frost Printer is a printer [2012/02/20 14:52:42.757964, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\EARTH\frost (len=13) searching for [frost] [2012/02/20 14:52:42.758182, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/frost and timeout = Mon Feb 20 14:57:42 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: frost -> frost [2012/02/20 14:52:42.758409, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/02/20 14:52:42.758497, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.758683, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.758865, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:frost [2012/02/20 14:52:42.759011, 3] lib/access.c:338(allow_access) Allowed connection from 10.10.20.205 (10.10.20.205) [2012/02/20 14:52:42.760851, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share frost is ok for unix user winguest [2012/02/20 14:52:42.761074, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.761184, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.761275, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.761387, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.761506, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.762084, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.762187, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.762284, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.762370, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.762457, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.762546, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.762825, 4] 
smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.762926, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:42.763047, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.763135, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.763223, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.763308, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.763466, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.763607, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.763748, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.763942, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.764399, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.765498, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.765690, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.765785, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.765880, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.765978, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.766077, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.766163, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.766330, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.766465, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.766560, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.766660, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.766766, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.766856, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.766941, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.767141, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.767276, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.767369, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.767461, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.767555, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.767642, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.767731, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.767816, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.767953, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.768130, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.768224, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.768315, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.768410, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.768497, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.768588, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.768673, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.768839, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.768931, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.769047, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.769143, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.769231, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.769323, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.769408, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.769561, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.769653, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.769744, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.769838, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.769927, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.770026, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.770112, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.770292, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.770431, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:42.770521, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:42.770613, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.770708, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.770797, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.770888, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.770988, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.771148, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.771288, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.771383, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.771476, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.771668, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.772124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.772964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.773151, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.773297, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.773394, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:42.773486, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.773641, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.773737, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:42.773826, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.773916, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.774036, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.774129, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:42.774218, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.774308, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.774399, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.774489, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:42.774579, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.774669, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.774758, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.774853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:42.775368, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:42.776255, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.776448, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.776570, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:42.776666, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 
(0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xd3 (211) [101] : 0x42 (66) [102] : 0x9f (159) [103] : 0x90 (144) [104] : 0x94 (148) [105] : 0x5f (95) [106] : 0x64 (100) [107] : 0xfd (253) [108] : 0xeb (235) [109] : 0x17 (23) [110] : 0x72 (114) [111] : 0x3b (59) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xd3 (211) [137] : 0x42 (66) [138] : 0x9f (159) [139] : 0x90 (144) [140] : 0x94 (148) [141] : 0x5f (95) [142] : 0x64 (100) [143] : 0xfd (253) [144] : 0xeb (235) [145] : 0x17 (23) [146] : 0x72 (114) [147] : 0x3b (59) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 
0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:42.787847, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.788188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.788381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.788569, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.788694, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.788784, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.789271, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.789583, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.789773, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.789971, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.790073, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.790195, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.790559, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2012/02/20 14:52:42.790650, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.790737, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.790823, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.790909, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.791007, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.791094, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2012/02/20 14:52:42.791183, 4] printing/nt_printing.c:1793(print_access_check) access check was SUCCESS [2012/02/20 14:52:42.791273, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.791374, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/02/20 14:52:42.791467, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 
14:52:42.791568, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.791659, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.791768, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.791917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.792483, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.792585, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.792839, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.793015, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.793151, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:42.793241, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.793526, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.793630, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. 
refcount reset (1) [2012/02/20 14:52:42.793725, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.793812, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.793899, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.793998, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.794160, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.794302, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.794404, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.794601, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.795039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: 
KEY_WOW64_32KEY [2012/02/20 14:52:42.796209, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.796408, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.796502, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.796597, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.796684, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.796773, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.796857, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.797029, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.797164, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.797258, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.797351, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.797438, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.797526, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.797611, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.797753, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.797882, 
10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.797990, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 14:52:42.798093, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.798187, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.798274, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.798362, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.798447, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.798590, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.798722, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.798812, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.798903, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.799014, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.799134, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.799228, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.799313, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 
14:52:42.799481, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.799577, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 14:52:42.799668, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.799762, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.799852, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.799942, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.800037, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.800188, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.800279, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.800369, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.800462, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.800552, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.800643, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.800727, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.800874, 10] 
registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.801032, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.801128, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:42.801219, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.801314, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.801402, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.801493, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.801579, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.801724, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.801863, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.801966, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.802174, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 42 4F AA C0 ....%... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.802370, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.802750, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost already exists [2012/02/20 14:52:42.802867, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.803207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 42 4F AA C0 ....%... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.803391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 42 4F AA C0 ....%... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.803571, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.803657, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:42.803746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.804224, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:42.804547, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.804737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.804923, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:42.805032, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:42.805154, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:42.805551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.805902, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:42.806015, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 178 [2012/02/20 14:52:42.806135, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/02/20 14:52:42.806228, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/02/20 14:52:42.806332, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 00 00 00 00 Yl...... 
[2012/02/20 14:52:42.807399, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1341 [2012/02/20 14:52:42.807501, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:42.807617, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/02/20 14:52:42.807711, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/02/20 14:52:42.807801, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.807851, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23426 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/02/20 14:52:42.808685, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 21 00 00 ........ .....!.. [0020] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... [0030] 00 . 
[2012/02/20 14:52:42.809825, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/02/20 14:52:42.809968, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/02/20 14:52:42.810084, 3] smbd/process.c:1662(process_smb) Transaction 47 of length 4244 (0 toread) [2012/02/20 14:52:42.810207, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:42.810276, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23490 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15586 (0x3CE2) smb_bcc=4173 [2012/02/20 14:52:42.811325, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 21 00 00 .$...... .....!.. [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 02 00 00 .....BO. .Yl..... [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2012/02/20 14:52:42.813732, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:42.813826, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:42.813930, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2 [2012/02/20 14:52:42.814076, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:42.814183, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:42.814270, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:42.814355, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce2) [2012/02/20 14:52:42.814444, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x96a87b8 max_trans_reply: 1024 [2012/02/20 14:52:42.814571, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2012/02/20 14:52:42.814664, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2012/02/20 14:52:42.814751, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2012/02/20 14:52:42.814841, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:42.814932, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:42.815028, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/02/20 14:52:42.815114, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2012/02/20 14:52:42.815207, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:42.815293, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 
[2012/02/20 14:52:42.815379, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2012/02/20 14:52:42.815474, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:42.815578, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 Yl...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ 
........
[0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... 
[2012/02/20 14:52:42.841156, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:42.841273, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/02/20 14:52:42.841376, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:42.841477, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/02/20 14:52:42.841573, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x442b10 [2012/02/20 14:52:42.841673, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-424f-aac0596c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096
offered : 0x00001000 (4096) [2012/02/20 14:52:42.958376, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.958612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.958842, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:frost [2012/02/20 14:52:42.958953, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:42.959071, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:42.959166, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:42.959281, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:42.959421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.960031, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:42.960142, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.960239, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:42.960326, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:42.960413, 5] ../libcli/security/security_token.c:53(security_token_debug) Security 
token: (NULL) [2012/02/20 14:52:42.960499, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:42.960788, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:42.960891, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:42.960998, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:42.961088, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:42.961176, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.961262, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:42.961449, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:42.961598, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.961701, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.961895, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.962315, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-424f-aac0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:42.963418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.963606, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:42.963700, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:42.963796, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:42.963892, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:42.963999, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.964086, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:42.964248, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:42.964381, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:42.964477, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.964571, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.964659, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.964748, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.964833, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.964983, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:42.965118, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.965210, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:42.965302, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.965396, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.965484, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.965575, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.965661, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.965889, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:42.966119, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.966225, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:42.966318, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.966412, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.966500, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.966593, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.966679, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:42.966849, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.966943, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:42.967045, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.967139, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.967229, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.967320, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.967405, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:42.967556, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.967647, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:42.967738, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.967832, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.967921, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.968020, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.968106, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.968255, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:42.968391, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:42.968481, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:42.968575, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:42.968669, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.968760, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.968849, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:42.968974, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.969124, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.969262, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:42.969357, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:42.969450, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.969641, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 result : WERR_OK [2012/02/20 14:52:42.970114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/02/20 14:52:42.970817, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.971107, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:42.971207, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.971348, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:42.971442, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 14:52:42.971534, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:42.971624, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:42.971714, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:42.971803, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:42.971892, 8] 
registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:42.971991, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:42.972082, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:42.972171, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:42.972281, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:42.972411, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:42.972504, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:42.972597, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.972747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/02/20 14:52:42.973807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) 
size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.974752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:42.974945, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.975101, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.976143, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.977223, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.977623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.977737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/02/20 14:52:42.978702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.979704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.979897, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.980025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:42.981467, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.982504, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.982701, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.982813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.983843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.984828, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.985043, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.985144, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/02/20 14:52:42.987735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.988698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.988889, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.988993, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x66 (102) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2012/02/20 14:52:42.990386, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.991653, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.991859, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.991960, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/02/20 14:52:42.994260, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.995270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.995493, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.995615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:42.996828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:42.998198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:42.998511, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:42.998624, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xd3 (211) [101] : 0x42 (66) [102] : 0x9f (159) [103] : 0x90 (144) [104] : 0x94 (148) [105] : 0x5f (95) [106] : 0x64 (100) [107] : 0xfd (253) [108] : 0xeb (235) [109] : 0x17 (23) [110] : 0x72 (114) [111] : 0x3b (59) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xd3 (211) [137] : 0x42 (66) [138] : 0x9f (159) [139] : 0x90 (144) [140] : 0x94 (148) [141] : 0x5f (95) [142] : 0x64 (100) [143] : 0xfd (253) [144] : 0xeb (235) [145] : 0x17 (23) [146] : 0x72 (114) [147] : 0x3b (59) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) 
[206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:43.011041, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.012078, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.012275, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.012375, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x66 (102) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2012/02/20 14:52:43.013928, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.015121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.015325, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.015431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.016463, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.017423, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.017613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.017710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.018753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.019734, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.020009, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.020179, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x3b (59) [1] : 0x86 (134) [2] : 0xbe (190) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.021433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.022340, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.022531, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.022623, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.022719, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/02/20 14:52:43.022806, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/02/20 14:52:43.023313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.023840, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:43.023933, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.024036, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:43.024123, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:43.024211, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.024296, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:43.024450, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:43.024581, 
10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.024682, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.024873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.025270, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-424f-abc0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.026363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.026559, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:43.026651, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/02/20 14:52:43.026744, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:43.026830, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:43.026917, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.027011, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:43.027160, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:43.027292, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:43.027387, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.027480, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.027566, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.027654, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.027738, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.027870, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.028035, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.028140, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:43.028233, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.028326, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.028413, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.028501, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.028586, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.028751, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.028883, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.028982, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:43.029076, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.029169, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.029257, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.029346, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.029432, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.029592, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.029683, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:43.029773, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.029867, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.029956, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.030084, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.030172, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.030320, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.030413, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:43.030507, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.030603, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.030691, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.030782, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.030867, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.031024, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.031163, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(5->4) [2012/02/20 14:52:43.031252, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:43.031343, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.031437, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.031529, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.031619, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.031732, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.031876, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.032053, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.032158, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.032252, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.032441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.032847, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.033908, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.034188, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.034284, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.034374, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:43.034469, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.034633, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:43.034729, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:43.034818, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:43.034908, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:43.035010, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:43.035139, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:43.035230, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:43.035320, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:43.035411, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:43.035501, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:43.035591, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:43.035681, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:43.035770, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:43.035865, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:43.036408, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.037278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.037469, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.037562, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.037655, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248)
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:43.049459, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.049801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.050001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.050186, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.050281, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/02/20 14:52:43.050371, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.050741, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.051052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.051274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.051460, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.051547, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.051636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.052017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:43.052320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.052501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.052679, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.052773, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:43.052861, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.053235, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:43.053538, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.053726, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.053914, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.054008, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:43.054130, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.054584, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:43.054695, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:43.054783, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:43.054869, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:43.054954, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:43.055284, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:43.055415, 4] printing/printing.c:1288(print_cache_expired) print_cache_expired: cache expired for queue frost (last_qscan_time = 1329774490, time now = 1329774763, qcachetime = 30) [2012/02/20 14:52:43.055552, 10] printing/printing.c:1815(print_queue_update) print_queue_update: Sending message -> printer = frost, type = 8, lpq command = [frost] lprm command = [] [2012/02/20 14:52:43.055709, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/02/20 14:52:43.055801, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_UPDATE (517) dest: struct server_id pid : 0x00000611 (1553) vnn : 0xffffffff 
(4294967295) unique_id : 0x0d94bc75dd341bb3 (978614233454615475) src: struct server_id pid : 0x00006c59 (27737) vnn : 0xffffffff (4294967295) unique_id : 0x0d94bc75dd341bb3 (978614233454615475) buf : DATA_BLOB length=17 [0000] 66 72 6F 73 74 00 08 00 00 00 66 72 6F 73 74 00 frost... ..frost. [0010] 00 . [2012/02/20 14:52:43.056898, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\EARTH' printername : * printername : '\\EARTH\frost' sharename : * sharename : 'frost' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : 'HP LaserJet 5m in Computer Room' location : * location : 'Computer Room' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\EARTH\frost' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV 
(3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 
(9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: 
SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000001 (1) 1: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: 
PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000330 (816) result : WERR_OK [2012/02/20 14:52:43.071047, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:43.071188, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/02/20 14:52:43.071312, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/02/20 14:52:43.071407, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/02/20 14:52:43.071515, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112
[2012/02/20 14:52:43.097551, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2012/02/20 14:52:43.097670, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/02/20 14:52:43.097763, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/02/20 14:52:43.097854, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/02/20 14:52:43.097946, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.098007, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23490 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/02/20 14:52:43.098825, 10] ../lib/util/util.c:415(dump_data)
[2012/02/20 14:52:43.101742, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/02/20 14:52:43.101873, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/02/20 14:52:43.101971, 3] smbd/process.c:1662(process_smb) Transaction 48 of length 63 (0 toread) [2012/02/20 14:52:43.102063, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.102147, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23554 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=15586 (0x3CE2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3112 (0xC28) smb_vwv[ 6]= 3112 (0xC28) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3112 (0xC28) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/02/20 14:52:43.103039, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:43.103096, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 27737) conn 0x9697a50 [2012/02/20 14:52:43.103187, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:43.103282, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3112 [2012/02/20 14:52:43.103377, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2012/02/20 14:52:43.103480, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4122 [2012/02/20 14:52:43.103596, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:43.103712, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. 
There is more data outstanding [2012/02/20 14:52:43.103803, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3112 max=3112 nread=3112 [2012/02/20 14:52:43.104764, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/02/20 14:52:43.104953, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/02/20 14:52:43.105133, 3] smbd/process.c:1662(process_smb) Transaction 49 of length 4244 (0 toread) [2012/02/20 14:52:43.105224, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.105274, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23618 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15586 (0x3CE2) smb_bcc=4173 [2012/02/20 14:52:43.106309, 10] ../lib/util/util.c:415(dump_data)
[2012/02/20 14:52:43.108743, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50
[2012/02/20 14:52:43.108835, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user
[2012/02/20 14:52:43.108941, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2
[2012/02/20 14:52:43.109043, 5] smbd/ipc.c:593(handle_trans) calling named_pipe
[2012/02/20 14:52:43.109128, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name
[2012/02/20 14:52:43.109214, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply
[2012/02/20 14:52:43.109299, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce2)
[2012/02/20 14:52:43.109387, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x96a87b8 max_trans_reply: 4136
[2012/02/20 14:52:43.109483, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156
[2012/02/20 14:52:43.109575, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4156
[2012/02/20 14:52:43.109662, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156
[2012/02/20 14:52:43.109752, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0
[2012/02/20 14:52:43.109842, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16
[2012/02/20 14:52:43.109928, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140
[2012/02/20 14:52:43.110021, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140
[2012/02/20 14:52:43.110113, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0
[2012/02/20 14:52:43.110198, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140
[2012/02/20 14:52:43.110283, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140
[2012/02/20 14:52:43.110375, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format!
[2012/02/20 14:52:43.110478, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132
[2012/02/20 14:52:43.136870, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0
[2012/02/20 14:52:43.136989, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth.
[2012/02/20 14:52:43.137093, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss
[2012/02/20 14:52:43.137192, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER
[2012/02/20 14:52:43.137287, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x442b10
[2012/02/20 14:52:43.137386, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-424f-aac0596c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096
[0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
offered : 0x00001000 (4096) [2012/02/20 14:52:43.163031, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.163252, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.163447, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:frost [2012/02/20 14:52:43.163556, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:43.163662, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:43.163755, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:43.163869, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:43.164010, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.164549, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:43.164648, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:43.164745, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:43.164831, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:43.164918, 5] ../libcli/security/security_token.c:53(security_token_debug) Security 
token: (NULL) [2012/02/20 14:52:43.165013, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:43.165339, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:43.165440, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:43.165535, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:43.165622, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:43.165710, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.165795, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:43.165958, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:43.166113, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.166217, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 42 4F AB C0 ....*... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.166414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.166817, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-424f-abc0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.167890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 42 4F AB C0 ....*... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.168094, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:43.168187, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:43.168281, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:43.168379, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:43.168532, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.168732, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:43.168943, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:43.169099, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:43.169196, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.169292, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.169380, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.169469, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.169554, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.169697, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.169829, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.169921, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:43.170021, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.170115, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.170202, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.170290, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.170375, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.170517, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.170650, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.170741, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:43.170832, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.170925, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.171022, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.171113, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.171197, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.171364, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.171456, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:43.171549, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.171643, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.171732, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.171823, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.171908, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.172100, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.172194, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:43.172285, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.172379, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.172468, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.172560, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.172645, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.172794, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.172931, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:43.173061, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:43.173200, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.173351, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.173518, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.173664, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.173794, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.174076, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.174324, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.174484, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.174624, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.174906, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.175343, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/02/20 14:52:43.175974, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.176264, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:43.176364, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.176504, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:43.176599, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 14:52:43.176688, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:43.176778, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:43.176867, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:43.176957, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:43.177057, 8] 
registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:43.177147, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:43.177237, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:43.177327, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:43.177416, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:43.177507, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:43.177596, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:43.177687, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.177828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/02/20 14:52:43.178896, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) 
size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.179842, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.180035, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.180136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.181199, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.182257, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.182454, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.182589, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/02/20 14:52:43.183522, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.184489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.184678, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.184775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:43.186007, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.186981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.187202, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.187301, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.188417, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.189407, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.189667, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.189765, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/02/20 14:52:43.192397, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.193530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.193740, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.193843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x66 (102) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2012/02/20 14:52:43.195265, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.196228, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.196453, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.196552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/02/20 14:52:43.198075, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.199063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.199307, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.199413, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.200538, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.201542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.201734, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.201833, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:43.214342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.215324, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.215518, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.215618, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x66 (102) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2012/02/20 14:52:43.217022, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.217981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.218262, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.218372, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.219399, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.220564, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.220775, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.220902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.222496, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.223556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.223754, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.223856, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x3b (59) [1] : 0x86 (134) [2] : 0xbe (190) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.224982, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.225810, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.226026, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.226188, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.226303, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/02/20 14:52:43.226392, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/02/20 14:52:43.226902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.227486, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:43.227581, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.227676, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:43.227763, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:43.227851, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.227936, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:43.228101, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:43.228234, 
10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.228333, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 42 4F AB C0 ....,... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.228525, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.228914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-424f-abc0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.230007, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 42 4F AB C0 ....,... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.230201, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:43.230293, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/02/20 14:52:43.230386, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:43.230473, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:43.230562, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.230674, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:43.230830, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:43.231005, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:43.231122, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.231216, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.231303, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.231392, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.231478, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.231673, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.231941, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.232120, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:43.232221, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.232317, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.232405, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.232498, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.232584, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.232726, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.232860, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.232951, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:43.233055, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.233149, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.233237, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.233345, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.233448, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.233616, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.233708, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:43.233799, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.233893, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.233995, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.234088, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.234173, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.234500, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.234610, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:43.234728, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.234896, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.235091, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.235268, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.235368, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.235559, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.235708, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(5->4) [2012/02/20 14:52:43.235803, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:43.235899, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.236047, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.236143, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.236235, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.236320, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.236472, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.236613, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.236711, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.236806, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 42 4F AB C0 ....-... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.237041, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.237571, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.238481, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 42 4F AB C0 ....-... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.238670, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.238761, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.238851, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:43.238944, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.239158, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:43.239256, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:43.239346, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:43.239437, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:43.239528, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:43.239618, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:43.239709, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:43.239799, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:43.239889, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:43.239990, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:43.240082, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:43.240172, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:43.240262, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:43.240356, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:43.240874, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.242047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 42 4F AB C0 ....-... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.242316, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.242436, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.242564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248)
0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:43.255115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.255485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 42 4F AB C0 ....-... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.255679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 42 4F AB C0 ....-... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.255865, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.255959, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/02/20 14:52:43.256059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.256429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.256729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 42 4F AB C0 ....,... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.256909, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 42 4F AB C0 ....,... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.257098, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.257184, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.257271, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.257642, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.257944, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.258138, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 42 4F AB C0 ....+... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.258322, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.258442, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:43.258532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.259142, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.259470, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 42 4F AB C0 ....*... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.259663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 42 4F AB C0 ....*... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.259850, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.259938, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:43.260072, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.260617, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\EARTH' printername : * printername : '\\EARTH\frost' sharename : * sharename : 'frost' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : 'HP LaserJet 5m in Computer Room' location : * location : 'Computer Room' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\EARTH\frost' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 
0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 
0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2426356435-4251213716-997332971-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : 
union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000001 (1) 1: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000330 (816) result : WERR_OK [2012/02/20 14:52:43.273962, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:43.274123, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/02/20 14:52:43.274254, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/02/20 14:52:43.274350, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/02/20 14:52:43.274459, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112
[2012/02/20 14:52:43.300266, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4122 [2012/02/20 14:52:43.300407, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:43.300583, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2012/02/20 14:52:43.300681, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..4136] (align 0) [2012/02/20 14:52:43.300775, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.300825, 5] lib/util.c:342(show_msg) size=4192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23618 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4136 (0x1028) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 4136 (0x1028) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=4137 [2012/02/20 14:52:43.301676, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 04 00 00 ........ .(...... [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ [0020] 00 F0 0F 00 00 D4 0F 00 00 C8 0F 00 00 A2 0F 00 ........ ........ 
[0030] 00 A0 0F 00 00 60 0F 00 00 44 0F 00 00 48 0E 00 .....`.. .D...H.. [0040] 00 42 0F 00 00 30 0F 00 00 28 0F 00 00 26 0F 00 .B...0.. .(...&.. [0050] 00 50 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .P...H.. ........ [0060] 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/02/20 14:52:43.305041, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 148 [2012/02/20 14:52:43.305164, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x94 [2012/02/20 14:52:43.305254, 3] smbd/process.c:1662(process_smb) Transaction 50 of length 152 (0 toread) [2012/02/20 14:52:43.305341, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.305390, 5] lib/util.c:342(show_msg) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23682 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15586 (0x3CE2) smb_bcc=81 [2012/02/20 14:52:43.306451, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 40 00 00 00 05 00 00 ........ .@...... [0020] 00 28 00 00 00 00 00 04 00 00 00 00 00 21 00 00 .(...... .....!.. [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... [0040] 00 FF FF FF FF 02 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 . 
[2012/02/20 14:52:43.306925, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:43.307065, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:43.307194, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=64 params=0 setup=2 [2012/02/20 14:52:43.307289, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:43.307373, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:43.307459, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:43.307545, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce2) [2012/02/20 14:52:43.307633, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x96a87b8 max_trans_reply: 4136 [2012/02/20 14:52:43.307753, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 64 [2012/02/20 14:52:43.307881, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 64 [2012/02/20 14:52:43.307996, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 [2012/02/20 14:52:43.308089, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:43.308179, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:43.308264, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 48 [2012/02/20 14:52:43.308350, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 [2012/02/20 14:52:43.308441, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:43.308528, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 48 [2012/02/20 
14:52:43.308614, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 [2012/02/20 14:52:43.308703, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:43.308801, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0040 (64) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000028 (40) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=40 [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 Yl...... ........ [0020] 00 00 00 00 00 00 00 00 ........ [2012/02/20 14:52:43.310051, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:43.310141, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/02/20 14:52:43.310230, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:43.310326, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS [2012/02/20 14:52:43.310421, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x4424e0 [2012/02/20 14:52:43.310516, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs in: struct spoolss_EnumJobs handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-424f-aac0596c0000 firstjob : 0x00000000 (0) numjobs : 0xffffffff (4294967295) level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2012/02/20 14:52:43.311023, 4] rpc_server/spoolss/srv_spoolss_nt.c:7060(_spoolss_EnumJobs) _spoolss_EnumJobs [2012/02/20 14:52:43.311111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.311301, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:frost [2012/02/20 14:52:43.311404, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:43.311507, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:43.311598, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:43.311710, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:43.311832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.312372, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:43.312470, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:43.312566, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:43.312652, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:43.312739, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:43.312854, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:43.313224, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:43.313356, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. 
refcount reset (1) [2012/02/20 14:52:43.313452, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:43.313540, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:43.313628, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.313713, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:43.313874, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:43.314030, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.314132, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 42 4F AB C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.314327, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.314727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-424f-abc0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: 
KEY_WOW64_32KEY [2012/02/20 14:52:43.315804, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 42 4F AB C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.316003, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:43.316096, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:43.316190, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:43.316276, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:43.316398, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.316486, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:43.316649, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:43.316783, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:43.316879, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.316983, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.317073, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.317161, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.317246, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.317389, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.317525, 
10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.317617, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 14:52:43.317709, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.317802, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.317889, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.317984, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.318072, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.318212, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.318345, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.318437, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:43.318530, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.318624, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.318711, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.318801, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.318887, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 
14:52:43.319058, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.319153, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 14:52:43.319244, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.319338, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.319428, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.319520, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.319632, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.319785, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.319877, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:43.319968, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.320073, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.320162, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.320252, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.320344, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.320620, 10] 
registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.320882, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.321004, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:43.321102, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.321199, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.321289, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.321384, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.321471, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.321625, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.321769, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.321866, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.321961, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.322162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.322570, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/02/20 14:52:43.323145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.323410, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:43.323510, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.323648, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:43.323740, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 14:52:43.323830, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:43.323920, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:43.324022, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:43.324112, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:43.324202, 8] 
registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:43.324292, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:43.324381, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:43.324471, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:43.324560, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:43.324649, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:43.324739, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:43.324830, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.324969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/02/20 14:52:43.326234, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) 
size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.327283, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.327483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.327584, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.328620, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.329544, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.329728, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.329860, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/02/20 14:52:43.330730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.331634, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.331817, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.331912, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/02/20 14:52:43.333061, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.334164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.334363, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.334463, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.335426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.336379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.336566, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.336663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/02/20 14:52:43.339067, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.340092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.340283, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.340382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x66 (102) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2012/02/20 14:52:43.341687, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.342643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.342860, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.342957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/02/20 14:52:43.344492, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.345455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.345639, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.345736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.346720, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.347815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.348032, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.348135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xd3 (211) [101] : 0x42 (66) [102] : 0x9f (159) [103] : 0x90 (144) [104] : 0x94 (148) [105] : 0x5f (95) [106] : 0x64 (100) [107] : 0xfd (253) [108] : 0xeb (235) [109] : 0x17 (23) [110] : 0x72 (114) [111] : 0x3b (59) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xd3 (211) [137] : 0x42 (66) [138] : 0x9f (159) [139] : 0x90 (144) [140] : 0x94 (148) [141] : 0x5f (95) [142] : 0x64 (100) [143] : 0xfd (253) [144] : 0xeb (235) [145] : 0x17 (23) [146] : 0x72 (114) [147] : 0x3b (59) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) 
[206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:43.359714, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.360649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.360835, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.360934, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x66 (102) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2012/02/20 14:52:43.362298, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.363212, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.363397, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.363494, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.364442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.365542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.365741, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.365841, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.366817, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/02/20 14:52:43.367732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.367914, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.368050, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x3b (59) [1] : 0x86 (134) [2] : 0xbe (190) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/02/20 14:52:43.369060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.369878, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.370135, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.370234, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.370329, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/02/20 14:52:43.370417, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/02/20 14:52:43.370924, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.371643, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:43.371752, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:43.371847, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:43.371935, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:43.372034, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.372120, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:43.372279, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:43.372413, 
10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.372516, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 42 4F AB C0 ....0... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.372707, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.373118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-424f-abc0596c0000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:43.374217, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 42 4F AB C0 ....0... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.374410, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:43.374505, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/02/20 14:52:43.374600, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:43.374687, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:43.374809, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.374895, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:43.375057, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:43.375192, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:43.375288, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.375381, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.375471, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.375559, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.375643, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.375778, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:43.375909, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.376033, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:43.376143, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.376238, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.376325, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.376412, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.376498, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.376635, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:43.376767, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.376858, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:43.376949, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.377052, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.377139, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.377229, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.377314, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:43.377474, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.377566, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:43.377657, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.377752, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.377842, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.377932, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.378053, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:43.378197, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.378287, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:43.378377, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.378472, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.378561, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.378650, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.378735, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.378882, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:43.379028, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(5->4) [2012/02/20 14:52:43.379117, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [frost] [2012/02/20 14:52:43.379209, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/02/20 14:52:43.379304, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.379392, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.379483, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:43.379568, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.379712, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.379850, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:43.379945, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/02/20 14:52:43.380046, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 42 4F AB C0 ....1... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.380235, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-424f-abc0596c0000 result : WERR_OK [2012/02/20 14:52:43.380717, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.381590, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 42 4F AB C0 ....1... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.381784, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.381873, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.381961, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) [2012/02/20 14:52:43.382062, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.382214, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:43.382308, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 2 [2012/02/20 
14:52:43.382398, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:43.382488, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:43.382579, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:43.382668, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 12 [2012/02/20 14:52:43.382758, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 18 [2012/02/20 14:52:43.382848, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:43.382938, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 248 [2012/02/20 14:52:43.383037, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 12 [2012/02/20 14:52:43.383126, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:43.383216, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:43.383305, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:43.383398, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:43.383888, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-424f-abc0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:43.384782, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 42 4F AB C0 ....1... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.384968, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] [2012/02/20 14:52:43.385066, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:43.385158, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 
(0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xd3 (211) [101] : 0x42 (66) [102] : 0x9f (159) [103] : 0x90 (144) [104] : 0x94 (148) [105] : 0x5f (95) [106] : 0x64 (100) [107] : 0xfd (253) [108] : 0xeb (235) [109] : 0x17 (23) [110] : 0x72 (114) [111] : 0x3b (59) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xd3 (211) [137] : 0x42 (66) [138] : 0x9f (159) [139] : 0x90 (144) [140] : 0x94 (148) [141] : 0x5f (95) [142] : 0x64 (100) [143] : 0xfd (253) [144] : 0xeb (235) [145] : 0x17 (23) [146] : 0x72 (114) [147] : 0x3b (59) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 
0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/02/20 14:52:43.396563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.396898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 42 4F AB C0 ....1... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.397106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 42 4F AB C0 ....1... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.397294, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.397388, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/02/20 14:52:43.397478, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.397844, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.398151, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 42 4F AB C0 ....0... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.398337, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 42 4F AB C0 ....0... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.398525, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.398610, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:43.398697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.399076, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.399378, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.399564, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 42 4F AB C0 ..../... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.399780, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.399875, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:43.399964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.400341, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-424f-abc0596c0000 [2012/02/20 14:52:43.400644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 42 4F AB C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.400831, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 42 4F AB C0 ........ ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:43.401027, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.401113, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:43.401232, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.401693, 5] printing/printing.c:3056(get_stored_queue_info) get_stored_queue_info: qcount = 0, extra_count = 0 count:[0], status:[1], [Paused] [2012/02/20 14:52:43.401832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs out: struct spoolss_EnumJobs count : * count : 0x00000000 (0) info : * info : NULL needed : * needed : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:43.402259, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:43.402360, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 48 [2012/02/20 14:52:43.402481, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/02/20 14:52:43.402574, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 16. 
[2012/02/20 14:52:43.402678, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0028 (40) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000010 (16) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=16 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/02/20 14:52:43.403729, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1341 [2012/02/20 14:52:43.403834, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:43.403954, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 40 bytes. There is no more data outstanding [2012/02/20 14:52:43.404063, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/02/20 14:52:43.404154, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.404204, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23682 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/02/20 14:52:43.405023, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... [0010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 ........ . 
[2012/02/20 14:52:43.405948, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/02/20 14:52:43.406082, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/02/20 14:52:43.406180, 3] smbd/process.c:1662(process_smb) Transaction 51 of length 132 (0 toread) [2012/02/20 14:52:43.406267, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.406317, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23746 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15586 (0x3CE2) smb_bcc=61 [2012/02/20 14:52:43.407340, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 21 00 00 ........ .....!.. [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 .....BO. .Yl.. 
[2012/02/20 14:52:43.407687, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 27737) conn 0x9697a50 [2012/02/20 14:52:43.407778, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:43.407876, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/02/20 14:52:43.407968, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/02/20 14:52:43.408118, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/02/20 14:52:43.408262, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/02/20 14:52:43.408353, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3ce2) [2012/02/20 14:52:43.408479, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x96a87b8 max_trans_reply: 4136 [2012/02/20 14:52:43.408570, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/02/20 14:52:43.408659, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/02/20 14:52:43.408747, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/02/20 14:52:43.408836, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/02/20 14:52:43.408926, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/02/20 14:52:43.409024, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/02/20 14:52:43.409110, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/02/20 14:52:43.409201, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/02/20 14:52:43.409287, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/02/20 
14:52:43.409373, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/02/20 14:52:43.409467, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/02/20 14:52:43.409563, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.410663, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/02/20 14:52:43.410751, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/02/20 14:52:43.410839, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/02/20 14:52:43.410932, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/02/20 14:52:43.411033, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x444cd0 [2012/02/20 14:52:43.411123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-424f-aac0596c0000 [2012/02/20 14:52:43.411424, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... 
....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.411642, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.411830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:43.412064, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:43.412183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:43.412533, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/02/20 14:52:43.412629, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/02/20 14:52:43.412752, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/02/20 14:52:43.412846, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/02/20 14:52:43.412951, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0010] 00 00 00 00 00 00 00 00 ........ [2012/02/20 14:52:43.413981, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2012/02/20 14:52:43.414087, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/02/20 14:52:43.414180, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/02/20 14:52:43.414272, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.414322, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1620 smb_uid=100 smb_mid=23746 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/02/20 14:52:43.415140, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2012/02/20 14:52:43.415829, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/02/20 14:52:43.415942, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/02/20 14:52:43.416040, 3] smbd/process.c:1662(process_smb) Transaction 52 of length 45 (0 toread) [2012/02/20 14:52:43.416128, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.416178, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23810 smt_wct=3 smb_vwv[ 0]=15586 (0x3CE2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/02/20 14:52:43.416924, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:43.417020, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 27737) conn 0x9697a50 [2012/02/20 14:52:43.417144, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/02/20 14:52:43.417235, 3] smbd/reply.c:4846(reply_close) close fd=-1 fnum=15586 (numopen=1) [2012/02/20 14:52:43.417322, 6] smbd/close.c:527(set_close_write_time) close_write_time: Wed Dec 31 16:59:59 1969 [2012/02/20 14:52:43.417434, 5] smbd/files.c:464(file_free) freed files structure 15586 (1 used) [2012/02/20 14:52:43.417526, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:43.417577, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23810 smt_wct=0 smb_bcc=0 [2012/02/20 14:52:43.418051, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:52.426712, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 58 [2012/02/20 14:52:52.427053, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3a [2012/02/20 14:52:52.427149, 3] smbd/process.c:1662(process_smb) Transaction 53 of length 62 (0 toread) [2012/02/20 14:52:52.427310, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:52.427369, 5] lib/util.c:342(show_msg) 
size=58 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1620 smb_uid=100 smb_mid=23874 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=19 [2012/02/20 14:52:52.427908, 10] ../lib/util/util.c:415(dump_data) [0000] 04 57 00 49 00 4E 00 47 00 55 00 45 00 53 00 54 .W.I.N.G .U.E.S.T [0010] 00 00 00 ... [2012/02/20 14:52:52.428094, 3] smbd/process.c:1467(switch_message) switch message SMBsplopen (pid 27737) conn 0x96a9508 [2012/02/20 14:52:52.428194, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:52.428331, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-7000 SID[ 6]: S-1-22-2-1001 Privileges (0x 0): Rights (0x 0): [2012/02/20 14:52:52.428778, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 7000 Primary group is 1001 and contains 1 supplementary groups Group[ 0]: 1001 [2012/02/20 14:52:52.428972, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,7000), gid=(0,1001) [2012/02/20 14:52:52.429070, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/spool/samba [2012/02/20 14:52:52.429252, 5] smbd/files.c:126(file_new) allocated file structure 11491, fnum = 15587 (2 used) [2012/02/20 14:52:52.430117, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \spoolss [2012/02/20 14:52:52.430322, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to spoolss pipe. 
[2012/02/20 14:52:52.430470, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/02/20 14:52:52.430570, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/02/20 14:52:52.430660, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/02/20 14:52:52.430763, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/02/20 14:52:52.430897, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'miro' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x02000000 (33554432) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ checking name: miro [2012/02/20 14:52:52.431650, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [miro] [2012/02/20 14:52:52.431828, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 42 4F B4 C0 ....2... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.432030, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=miro Printer is a printer [2012/02/20 14:52:52.432151, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=miro (len=4) searching for [miro] [2012/02/20 14:52:52.432346, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/miro and timeout = Mon Feb 20 14:57:52 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: miro -> miro [2012/02/20 14:52:52.432598, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/02/20 14:52:52.432688, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 42 4F B4 C0 ....2... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:52.432876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 42 4F B4 C0 ....2... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.433064, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:miro [2012/02/20 14:52:52.433170, 3] lib/access.c:338(allow_access) Allowed connection from 10.10.20.205 (10.10.20.205) [2012/02/20 14:52:52.435327, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share miro is ok for unix user winguest [2012/02/20 14:52:52.435524, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/02/20 14:52:52.435634, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/02/20 14:52:52.435726, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/02/20 14:52:52.435841, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/02/20 14:52:52.435965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:52.436594, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/02/20 14:52:52.436695, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 [2012/02/20 14:52:52.436792, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/02/20 14:52:52.436881, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/02/20 14:52:52.437053, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/02/20 14:52:52.437140, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/02/20 14:52:52.437466, 4] 
smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 [2012/02/20 14:52:52.437570, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/02/20 14:52:52.437665, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/02/20 14:52:52.437752, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/02/20 14:52:52.437841, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.437969, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM] [2012/02/20 14:52:52.438164, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/02/20 14:52:52.438400, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:52.438567, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 42 4F B4 C0 ....3... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.438766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-424f-b4c0596c0000 result : WERR_OK [2012/02/20 14:52:52.439184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-424f-b4c0596c0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/02/20 14:52:52.440363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 42 4F B4 C0 ....3... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.440561, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/02/20 14:52:52.440655, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/02/20 14:52:52.440751, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/02/20 14:52:52.440839, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/02/20 14:52:52.440929, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.441019, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] [2012/02/20 14:52:52.441188, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/02/20 14:52:52.441335, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/02/20 14:52:52.441430, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:52.441524, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:52.441612, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:52.441701, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.441786, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:52.441929, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/02/20 14:52:52.442062, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:52.442192, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/02/20 
14:52:52.442313, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:52.442409, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:52.442498, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:52.442660, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.442752, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:52.442913, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/02/20 14:52:52.443105, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:52.443201, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/02/20 14:52:52.443346, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:52.443445, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:52.443535, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:52.443659, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.443747, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/02/20 14:52:52.443922, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:52.444022, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/02/20 
14:52:52.444113, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:52.444209, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:52.444359, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:52.444454, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.444540, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/02/20 14:52:52.444698, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:52.444792, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/02/20 14:52:52.444910, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:52.445091, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:52.445245, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:52.445414, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.445530, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:52.445710, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/02/20 14:52:52.445857, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount 
(3->2) [2012/02/20 14:52:52.445950, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [miro] [2012/02/20 14:52:52.446045, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/02/20 14:52:52.446142, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.446256, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.446352, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/02/20 14:52:52.446436, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.446582, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.446720, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/02/20 14:52:52.446816, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/02/20 14:52:52.446911, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 42 4F B4 C0 ....4... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.447141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-424f-b4c0596c0000 result : WERR_OK [2012/02/20 14:52:52.447639, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-424f-b4c0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:52.448509, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 42 4F B4 C0 ....4... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:52.448703, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.448794, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:52.448883, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro' (ops 0xb037c0) [2012/02/20 14:52:52.448975, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.449142, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Attributes], len: 4 [2012/02/20 14:52:52.449263, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 14 [2012/02/20 
14:52:52.449368, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Datatype], len: 8 [2012/02/20 14:52:52.449459, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default Priority], len: 4 [2012/02/20 14:52:52.449550, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Default DevMode], len: 220 [2012/02/20 14:52:52.449640, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Printer Driver], len: 56 [2012/02/20 14:52:52.449730, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Location], len: 26 [2012/02/20 14:52:52.449820, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Parameters], len: 2 [2012/02/20 14:52:52.449910, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Port], len: 38 [2012/02/20 14:52:52.450003, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Name], len: 10 [2012/02/20 14:52:52.450094, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Print Processor], len: 42 [2012/02/20 14:52:52.450184, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Priority], len: 4 [2012/02/20 14:52:52.450400, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Separator File], len: 2 [2012/02/20 14:52:52.450520, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Share Name], len: 10 [2012/02/20 14:52:52.450612, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [StartTime], len: 4 [2012/02/20 14:52:52.450702, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Status], len: 4 [2012/02/20 14:52:52.450792, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [UntilTime], len: 4 [2012/02/20 14:52:52.450884, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 232 [2012/02/20 14:52:52.450975, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ChangeID], len: 4 [2012/02/20 14:52:52.451077, 1] 
../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000e8 (232) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/02/20 14:52:52.451629, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-424f-b4c0596c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000e8 (232) data_length : * data_length : 0x00000000 (0) [2012/02/20 14:52:52.452518, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 42 4F B4 C0 ....4... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.452706, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] [2012/02/20 14:52:52.452796, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/02/20 14:52:52.452892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(232) data_size : * data_size : 0x000000e8 (232) data_length : * data_length : 0x000000e8 (232) result : WERR_OK [2012/02/20 14:52:52.464134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-424f-b4c0596c0000 [2012/02/20 14:52:52.464516, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 42 4F B4 C0 ....4... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:52.464711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 42 4F B4 C0 ....4... ....BO.. [0010] 59 6C 00 00 Yl..
[2012/02/20 14:52:52.464900, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:52.464997, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/02/20 14:52:52.465088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:52.465470, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-424f-b4c0596c0000 [2012/02/20 14:52:52.465774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 42 4F B4 C0 ....3... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:52.465965, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 42 4F B4 C0 ....3... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.466155, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:52.466291, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/02/20 14:52:52.466429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/02/20 14:52:52.466832, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x000f000c [2012/02/20 14:52:52.466925, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20000000 to 0x00020008 [2012/02/20 14:52:52.467014, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x000f000c [2012/02/20 14:52:52.467203, 4] printing/nt_printing.c:1793(print_access_check) access check was FAILURE [2012/02/20 14:52:52.469094, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/02/20 14:52:52.469337, 3] rpc_server/spoolss/srv_spoolss_nt.c:1904(_spoolss_OpenPrinterEx) access DENIED for printer open [2012/02/20 14:52:52.469433, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 42 4F B4 C0 ....2... ....BO.. [0010] 59 6C 00 00 Yl.. [2012/02/20 14:52:52.469626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 42 4F B4 C0 ....2... ....BO.. [0010] 59 6C 00 00 Yl.. 
[2012/02/20 14:52:52.469811, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/02/20 14:52:52.469900, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_ACCESS_DENIED [2012/02/20 14:52:52.470322, 5] smbd/files.c:464(file_free) freed files structure 15587 (1 used) [2012/02/20 14:52:52.470429, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(5215) cmd=192 (SMBsplopen) NT_STATUS_ACCESS_DENIED [2012/02/20 14:52:52.470523, 5] lib/util.c:332(show_msg) [2012/02/20 14:52:52.470574, 5] lib/util.c:342(show_msg) size=35 smb_com=0xc0 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=3 smb_pid=1620 smb_uid=100 smb_mid=23874 smt_wct=0 smb_bcc=0 [2012/02/20 14:52:52.471169, 10] ../lib/util/util.c:415(dump_data) [2012/02/20 14:52:52.749050, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2012/02/20 14:52:52.749276, 10] lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2012/02/20 14:52:52.749407, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2012/02/20 14:52:52.749498, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_DEBUG (1) dest: struct server_id pid : 0x00006c59 (27737) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) src: struct server_id pid : 0x00006cac (27820) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) buf : DATA_BLOB length=2 [0000] 31 00 1. [2012/02/20 14:52:52.750336, 3] ../lib/util/debug_s3.c:72(debug_message) INFO: Remote set of debug to `1' (pid 27737 from pid 27820)