The Samba-Bugzilla – Attachment 7334 Details for
Bug 8769
Network printing for non domain admins from Win 7 broken from 3.5 -> 3.6
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
debug 10 log
printfail.log (text/x-log), 1.34 MB, created by
Orion Poplawski
on 2012-02-20 23:59:00 UTC
(
hide
)
Description:
debug 10 log
Filename:
MIME Type:
Creator:
Orion Poplawski
Created:
2012-02-20 23:59:00 UTC
Size:
1.34 MB
patch
obsolete
>[2012/02/20 14:52:03.617617, 1] smbd/service.c:1081(make_connection_snum) > hestia (10.10.20.205) connect to service winguest initially as user winguest (uid=7000, gid=1001) (pid 27737) >[2012/02/20 14:52:33.586458, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 >[2012/02/20 14:52:42.036663, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 76 >[2012/02/20 14:52:42.036881, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4c >[2012/02/20 14:52:42.036991, 3] smbd/process.c:1662(process_smb) > Transaction 29 of length 80 (0 toread) >[2012/02/20 14:52:42.037078, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.037128, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=22337 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2012/02/20 14:52:42.037756, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 45 00 41 00 52 00 54 00 48 00 5C .\.\.E.A .R.T.H.\ > [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? > [0020] 00 . >[2012/02/20 14:52:42.038041, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 27737) conn 0x0 >[2012/02/20 14:52:42.038131, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.038223, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.038309, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.038454, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/02/20 14:52:42.038564, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [IPC$] >[2012/02/20 14:52:42.038701, 5] smbd/service.c:1321(make_connection) > making a connection to 'normal' service ipc$ >[2012/02/20 14:52:42.038804, 3] lib/access.c:338(allow_access) > Allowed connection from 10.10.20.205 (10.10.20.205) >[2012/02/20 14:52:42.038904, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user winguest >[2012/02/20 14:52:42.039027, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user winguest >[2012/02/20 14:52:42.039125, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is winguest >[2012/02/20 14:52:42.039272, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [winguest]! >[2012/02/20 14:52:42.039415, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/02/20 14:52:42.039509, 3] smbd/service.c:837(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2012/02/20 14:52:42.039633, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/02/20 14:52:42.039730, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2012/02/20 14:52:42.039822, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/02/20 14:52:42.039908, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2012/02/20 14:52:42.040007, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/02/20 14:52:42.040136, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2012/02/20 14:52:42.040404, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 596C0000FFFFFFFFB31B >[2012/02/20 14:52:42.040511, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x96ad1e0 >[2012/02/20 14:52:42.040657, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 596C0000FFFFFFFFB31B >[2012/02/20 14:52:42.040893, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/02/20 14:52:42.041002, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user winguest >[2012/02/20 14:52:42.041113, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user winguest >[2012/02/20 14:52:42.041230, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/02/20 14:52:42.041349, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.041442, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 > SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-7000 > SID[ 6]: S-1-22-2-1001 > Privileges (0x 0): > Rights (0x 0): >[2012/02/20 14:52:42.041874, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 7000 > Primary group is 1001 and contains 1 supplementary groups > Group[ 0]: 1001 >[2012/02/20 14:52:42.042063, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,7000), gid=(0,1001) >[2012/02/20 14:52:42.042184, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.042272, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.042357, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.042496, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/02/20 14:52:42.042600, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/02/20 14:52:42.042708, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of msec available on share IPC$, directory /tmp >[2012/02/20 14:52:42.042801, 3] smbd/service.c:1081(make_connection_snum) > hestia (10.10.20.205) connect to service IPC$ initially as user winguest (uid=7000, gid=1001) (pid 27737) >[2012/02/20 14:52:42.042912, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2012/02/20 14:52:42.043407, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/02/20 14:52:42.043550, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/02/20 14:52:42.043638, 3] smbd/process.c:1662(process_smb) > Transaction 30 of length 106 (0 toread) >[2012/02/20 14:52:42.043726, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.043775, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22401 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/02/20 14:52:42.045126, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/02/20 14:52:42.045313, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.045410, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.045502, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 > SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-7000 > SID[ 6]: S-1-22-2-1001 > Privileges (0x 0): > Rights (0x 0): >[2012/02/20 14:52:42.045928, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 7000 > Primary group is 1001 and contains 1 supplementary groups > Group[ 0]: 1001 >[2012/02/20 14:52:42.046118, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,7000), gid=(0,1001) >[2012/02/20 14:52:42.046215, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/02/20 14:52:42.046317, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/02/20 14:52:42.046428, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/02/20 14:52:42.046528, 5] smbd/files.c:126(file_new) > allocated file structure 11488, fnum = 15584 (2 used) >[2012/02/20 14:52:42.046624, 10] smbd/files.c:618(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/02/20 14:52:42.046750, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/02/20 14:52:42.046882, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \spoolss >[2012/02/20 14:52:42.046982, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss >[2012/02/20 14:52:42.047085, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/02/20 14:52:42.047179, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/02/20 14:52:42.047490, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/02/20 14:52:42.047602, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/02/20 14:52:42.047690, 3] smbd/process.c:1662(process_smb) > Transaction 31 of length 76 (0 toread) >[2012/02/20 14:52:42.047776, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.047826, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22465 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/02/20 14:52:42.048806, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 E0 3C ED 03 ....<.. >[2012/02/20 14:52:42.048926, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.049059, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.049158, 9] smbd/trans2.c:941(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/02/20 14:52:42.049293, 9] smbd/trans2.c:943(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/02/20 14:52:42.049383, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.049433, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22465 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/02/20 14:52:42.050244, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... >[2012/02/20 14:52:42.053079, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 180 >[2012/02/20 14:52:42.053191, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2012/02/20 14:52:42.053279, 3] smbd/process.c:1662(process_smb) > Transaction 32 of length 184 (0 toread) >[2012/02/20 14:52:42.053365, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.053415, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22529 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=15584 (0x3CE0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 116 (0x74) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 116 (0x74) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=117 >[2012/02/20 14:52:42.054365, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 74 00 00 00 02 00 00 ........ .t...... > [0010] 00 B8 10 B8 10 00 00 00 00 02 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 2C 1C B7 6C 12 98 40 45 03 00 00 00 00 00 00 .,..l..@ E....... > [0070] 00 01 00 00 00 ..... >[2012/02/20 14:52:42.055085, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.055195, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.055304, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 3ce0 name: spoolss len: 116 >[2012/02/20 14:52:42.055395, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 116 >[2012/02/20 14:52:42.055485, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 116 >[2012/02/20 14:52:42.055572, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 116 >[2012/02/20 14:52:42.055662, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.055752, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.055838, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 100 >[2012/02/20 14:52:42.055923, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 100 >[2012/02/20 14:52:42.056032, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.056117, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 100 >[2012/02/20 14:52:42.056233, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 100, incoming data = 100 >[2012/02/20 14:52:42.056333, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.056470, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0074 (116) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x02 (2) > ctx_list: ARRAY(2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/02/20 14:52:42.058257, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/02/20 14:52:42.058359, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/02/20 14:52:42.058452, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/02/20 14:52:42.058538, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/02/20 14:52:42.058630, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/02/20 14:52:42.058753, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/02/20 14:52:42.060097, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 100 >[2012/02/20 14:52:42.060266, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=116 >[2012/02/20 14:52:42.060677, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/02/20 14:52:42.060792, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/02/20 14:52:42.060881, 3] smbd/process.c:1662(process_smb) > Transaction 33 of length 63 (0 toread) >[2012/02/20 14:52:42.060980, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.061030, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22593 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=15584 (0x3CE0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/02/20 14:52:42.061926, 10] ../lib/util/util.c:415(dump_data) >[2012/02/20 14:52:42.061994, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.062086, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.062188, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/02/20 14:52:42.062282, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/02/20 14:52:42.062376, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2012/02/20 14:52:42.062499, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/02/20 14:52:42.062590, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/02/20 14:52:42.062929, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 274 >[2012/02/20 14:52:42.063067, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x112 >[2012/02/20 14:52:42.063155, 3] smbd/process.c:1662(process_smb) > Transaction 34 of length 278 (0 toread) >[2012/02/20 14:52:42.063265, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.063316, 5] lib/util.c:342(show_msg) > size=274 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22657 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 190 (0xBE) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 190 (0xBE) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15584 (0x3CE0) > smb_bcc=207 >[2012/02/20 14:52:42.064387, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 BE 00 00 00 02 00 00 ........ ........ > [0020] 00 A6 00 00 00 00 00 45 00 00 00 02 00 0C 00 00 .......E ........ > [0030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 65 00 61 ........ .\.\.e.a > [0040] 00 72 00 74 00 68 00 5C 00 70 00 6F 00 65 00 00 .r.t.h.\ .p.o.e.. > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 01 00 00 00 01 00 00 00 04 00 02 00 1C 00 00 ........ ........ > [0070] 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 03 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 ........ ........ > [0090] 00 07 00 00 00 48 00 45 00 53 00 54 00 49 00 41 .....H.E .S.T.I.A > [00A0] 00 00 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 ........ ........ > [00B0] 00 43 00 4F 00 2D 00 52 00 41 00 5C 00 77 00 69 .C.O.-.R .A.\.w.i > [00C0] 00 6E 00 67 00 75 00 65 00 73 00 74 00 00 00 .n.g.u.e .s.t... >[2012/02/20 14:52:42.065405, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.065496, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.065607, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=190 params=0 setup=2 >[2012/02/20 14:52:42.065701, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.065785, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.065870, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.065969, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce0) >[2012/02/20 14:52:42.066067, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x9617028 max_trans_reply: 1024 >[2012/02/20 14:52:42.066155, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 190 >[2012/02/20 14:52:42.066244, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 190 >[2012/02/20 14:52:42.066331, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 190 >[2012/02/20 14:52:42.066420, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 190, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.066509, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.066593, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 174 >[2012/02/20 14:52:42.066683, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 174 >[2012/02/20 14:52:42.066810, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.066894, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 174 >[2012/02/20 14:52:42.066987, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 174, incoming data = 174 >[2012/02/20 14:52:42.067076, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.067173, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00be (190) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000a6 (166) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=166 > [0000] 00 00 02 00 0C 00 00 00 00 00 00 00 0C 00 00 00 ........ ........ > [0010] 5C 00 5C 00 65 00 61 00 72 00 74 00 68 00 5C 00 \.\.e.a. r.t.h.\. > [0020] 70 00 6F 00 65 00 00 00 00 00 00 00 00 00 00 00 p.o.e... ........ > [0030] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ > [0040] 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 00 ........ ........ > [0050] B1 1D 00 00 03 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 07 00 00 00 00 00 00 00 07 00 00 00 48 00 45 00 ........ ....H.E. > [0070] 53 00 54 00 49 00 41 00 00 00 00 00 0F 00 00 00 S.T.I.A. ........ > [0080] 00 00 00 00 0F 00 00 00 43 00 4F 00 2D 00 52 00 ........ C.O.-.R. > [0090] 41 00 5C 00 77 00 69 00 6E 00 67 00 75 00 65 00 A.\.w.i. n.g.u.e. > [00A0] 73 00 74 00 00 00 s.t... >[2012/02/20 14:52:42.069253, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.069347, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.069441, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.069566, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/02/20 14:52:42.069730, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x4473d0 >[2012/02/20 14:52:42.069892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\earth\poe' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x0000001c (28) > client : * > client : 'HESTIA' > user : * > user : 'CO-RA\winguest' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_INTEL (0) > checking name: \\earth\poe >[2012/02/20 14:52:42.071190, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\earth\poe] >[2012/02/20 14:52:42.071304, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.071507, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\earth\poe > Printer is a printer >[2012/02/20 14:52:42.071661, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\earth\poe (len=11) > searching for [poe] >[2012/02/20 14:52:42.071869, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/poe and timeout = Mon Feb 20 14:57:42 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: poe -> poe >[2012/02/20 14:52:42.072158, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/02/20 14:52:42.072268, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.072464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.072653, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:poe >[2012/02/20 14:52:42.072771, 3] lib/access.c:338(allow_access) > Allowed connection from 10.10.20.205 (10.10.20.205) >[2012/02/20 14:52:42.074487, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share poe is ok for unix user winguest >[2012/02/20 14:52:42.074701, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.074814, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.074903, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.075076, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.075263, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.075829, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.075945, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.076046, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.076132, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.076219, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.076305, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.076615, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.076718, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.076823, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.076911, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.077013, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.077100, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.077311, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.077455, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.077557, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.077768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.078475, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.079602, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.079799, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.079894, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.079999, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.080085, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.080175, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.080260, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.080431, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.080567, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.080664, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.080757, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.080845, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.081006, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.081142, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.081304, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.081440, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.081532, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.081624, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.081720, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.081808, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.081897, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.081999, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.082141, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.082273, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.082364, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.082456, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.082550, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.082638, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.082730, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.082816, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.083048, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.083205, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.083302, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.083399, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.083489, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.083582, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.083669, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.083829, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.083922, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.084028, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.084124, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.084214, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.084336, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.084446, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.084611, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.084752, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.084843, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.084935, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.085044, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.085133, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.085226, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.085311, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.085457, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.085595, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.085693, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.085787, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.085990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.086433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.087292, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.087536, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.087631, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.087726, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.087819, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.087980, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.088076, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.088166, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.088257, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.088347, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.088437, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.088527, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.088617, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.088709, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.088799, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.088889, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.088989, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.089100, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.089199, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.089697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.090594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.090819, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.090912, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.091015, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.102162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.102490, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.102680, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.102891, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.103030, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.103136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.103508, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.103808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.104001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.104180, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.104266, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.104385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.104747, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2012/02/20 14:52:42.104837, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.104923, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.105021, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.105106, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.105192, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.105277, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.105365, 4] printing/nt_printing.c:1793(print_access_check) > access check was SUCCESS >[2012/02/20 14:52:42.105453, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.105551, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/02/20 14:52:42.105654, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.105751, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.105840, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.105986, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.106106, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.106630, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.106726, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.106820, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.106906, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.107002, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.107087, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.107361, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.107463, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.107557, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.107645, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.107734, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.107819, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.108020, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.108169, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.108270, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.108529, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.108961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.110345, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.110559, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.110658, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.110757, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.110844, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.110934, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.111031, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.111209, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.111347, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.111443, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.111537, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.111626, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.111715, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.111801, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.111954, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.112091, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.112182, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.112275, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.112369, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.112458, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.112547, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.112633, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.112772, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.112903, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.113004, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.113097, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.113219, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.113309, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.113399, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.113485, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.113655, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.113748, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.113839, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.113934, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.114033, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.114125, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.114210, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.114360, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.114451, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.114542, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.114637, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.114729, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.114820, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.114905, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.115146, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.115311, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.115403, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.115497, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.115594, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.115687, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.115780, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.115866, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.116025, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.116163, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.116292, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.116387, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.116576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.116969, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe already exists >[2012/02/20 14:52:42.117102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.117405, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.117595, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.117782, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.117870, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.117965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.118335, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.118641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.118831, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.119052, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.119141, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.119261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.119678, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.120052, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/02/20 14:52:42.120153, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 174 >[2012/02/20 14:52:42.120278, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/02/20 14:52:42.120371, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/02/20 14:52:42.120480, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 00 00 00 00 Yl...... >[2012/02/20 14:52:42.121503, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1341 >[2012/02/20 14:52:42.121596, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.121708, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/02/20 14:52:42.121801, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/02/20 14:52:42.121891, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.121948, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22657 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/02/20 14:52:42.122756, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0020] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... > [0030] 00 . >[2012/02/20 14:52:42.123180, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 76 >[2012/02/20 14:52:42.123301, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4c >[2012/02/20 14:52:42.123422, 3] smbd/process.c:1662(process_smb) > Transaction 35 of length 80 (0 toread) >[2012/02/20 14:52:42.123508, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.123558, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=22722 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2012/02/20 14:52:42.124227, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 45 00 41 00 52 00 54 00 48 00 5C .\.\.E.A .R.T.H.\ > [0010] 00 4D 00 49 00 52 00 4F 00 00 00 3F 3F 3F 3F 3F .M.I.R.O ...????? > [0020] 00 . >[2012/02/20 14:52:42.124486, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 27737) conn 0x0 >[2012/02/20 14:52:42.124576, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.124666, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.124752, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.124901, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/02/20 14:52:42.125020, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [MIRO] >[2012/02/20 14:52:42.125132, 5] smbd/service.c:1321(make_connection) > making a connection to 'normal' service miro >[2012/02/20 14:52:42.125233, 3] lib/access.c:338(allow_access) > Allowed connection from 10.10.20.205 (10.10.20.205) >[2012/02/20 14:52:42.125324, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share miro is ok for unix user winguest >[2012/02/20 14:52:42.125432, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user winguest >[2012/02/20 14:52:42.125522, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is winguest >[2012/02/20 14:52:42.125613, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [winguest]! >[2012/02/20 14:52:42.125717, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service miro, connectpath = /var/spool/samba >[2012/02/20 14:52:42.125810, 3] smbd/service.c:837(make_connection_snum) > Connect path is '/var/spool/samba' for service [miro] >[2012/02/20 14:52:42.125931, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/02/20 14:52:42.126039, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2012/02/20 14:52:42.126130, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/02/20 14:52:42.126216, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2012/02/20 14:52:42.126303, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/02/20 14:52:42.126432, 5] smbd/connection.c:134(claim_connection) > claiming [miro] >[2012/02/20 14:52:42.126649, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 596C0000FFFFFFFFB31B >[2012/02/20 14:52:42.126753, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x96ad180 >[2012/02/20 14:52:42.126873, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 596C0000FFFFFFFFB31B >[2012/02/20 14:52:42.127137, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service miro, connectpath = /var/spool/samba >[2012/02/20 14:52:42.127235, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share miro is ok for unix user winguest >[2012/02/20 14:52:42.127332, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID @Domain is not in a valid format >[2012/02/20 14:52:42.127548, 5] auth/user_util.c:148(user_in_netgroup) > Unable to get default yp domain, let's try without specifying it >[2012/02/20 14:52:42.127663, 5] auth/user_util.c:152(user_in_netgroup) > looking for user winguest of domain (ANY) in netgroup Domain >[2012/02/20 14:52:42.130117, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: CO-RA\Domain => domain=[CO-RA], name=[Domain] >[2012/02/20 14:52:42.130378, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2012/02/20 14:52:42.130530, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.130678, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.130815, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.130966, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.131101, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.131355, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=nwra,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Domain)(cn=Domain)))], scope => [2] >[2012/02/20 14:52:42.134324, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=Domain)(cn=Domain))) >[2012/02/20 14:52:42.134643, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.134818, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix Group\Domain => domain=[Unix Group], name=[Domain] >[2012/02/20 14:52:42.134971, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x077 >[2012/02/20 14:52:42.143244, 5] smbd/share_access.c:120(token_contains_name) > lookup_name Domain failed >[2012/02/20 14:52:42.143606, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID Admins is not in a valid format >[2012/02/20 14:52:42.143777, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: CO-RA\Admins => domain=[CO-RA], name=[Admins] >[2012/02/20 14:52:42.143905, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/02/20 14:52:42.144051, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.144149, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.144236, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.144322, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.144408, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.144598, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=nwra,dc=com], filter => [(&(uid=Admins)(objectclass=sambaSamAccount))], scope => [2] >[2012/02/20 14:52:42.146693, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [Admins] count=0 >[2012/02/20 14:52:42.147045, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.147213, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.147362, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.147492, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.147622, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.147752, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.148010, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=nwra,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Admins)(cn=Admins)))], scope => [2] >[2012/02/20 14:52:42.151569, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=Admins)(cn=Admins))) >[2012/02/20 14:52:42.151905, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.152083, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\Admins => domain=[Unix User], name=[Admins] >[2012/02/20 14:52:42.152220, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/02/20 14:52:42.152395, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Admins >[2012/02/20 14:52:42.152541, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is admins >[2012/02/20 14:52:42.157548, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is Admins >[2012/02/20 14:52:42.162316, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is ADMINS >[2012/02/20 14:52:42.167066, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in admins >[2012/02/20 14:52:42.167335, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [Admins]! >[2012/02/20 14:52:42.167476, 5] smbd/share_access.c:104(token_contains_name) > lookup_name Admins failed >[2012/02/20 14:52:42.167610, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share miro is read-write for unix user winguest >[2012/02/20 14:52:42.167811, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/02/20 14:52:42.168009, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/02/20 14:52:42.168223, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.168376, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 > SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-7000 > SID[ 6]: S-1-22-2-1001 > Privileges (0x 0): > Rights (0x 0): >[2012/02/20 14:52:42.169102, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 7000 > Primary group is 1001 and contains 1 supplementary groups > Group[ 0]: 1001 >[2012/02/20 14:52:42.169379, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,7000), gid=(0,1001) >[2012/02/20 14:52:42.169494, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.169584, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.169670, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.169809, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/02/20 14:52:42.169932, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service miro, connectpath = /var/spool/samba >[2012/02/20 14:52:42.170060, 1] smbd/service.c:1081(make_connection_snum) > hestia (10.10.20.205) connect to service miro initially as user winguest (uid=7000, gid=1001) (pid 27737) >[2012/02/20 14:52:42.170176, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=MIRO >[2012/02/20 14:52:42.170354, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4240 >[2012/02/20 14:52:42.170474, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/02/20 14:52:42.170563, 3] smbd/process.c:1662(process_smb) > Transaction 36 of length 4244 (0 toread) >[2012/02/20 14:52:42.170689, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.170740, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22785 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15584 (0x3CE0) > smb_bcc=4173 >[2012/02/20 14:52:42.171797, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... > [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 0D 00 00 .$...... ........ > [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 02 00 00 .....BO. .Yl..... > [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/02/20 14:52:42.174253, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.174351, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.174443, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 > SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-7000 > SID[ 6]: S-1-22-2-1001 > Privileges (0x 0): > Rights (0x 0): >[2012/02/20 14:52:42.174876, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 7000 > Primary group is 1001 and contains 1 supplementary groups > Group[ 0]: 1001 >[2012/02/20 14:52:42.175094, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,7000), gid=(0,1001) >[2012/02/20 14:52:42.175209, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/02/20 14:52:42.175303, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.175387, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.175473, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.175557, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce0) >[2012/02/20 14:52:42.175645, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x9617028 max_trans_reply: 1024 >[2012/02/20 14:52:42.175737, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/02/20 14:52:42.175827, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4156 >[2012/02/20 14:52:42.175914, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 >[2012/02/20 14:52:42.176011, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.176101, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.176186, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/02/20 14:52:42.176272, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 >[2012/02/20 14:52:42.176362, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.176447, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/02/20 14:52:42.176532, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 >[2012/02/20 14:52:42.176627, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.176730, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x103c (4156) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00001024 (4132) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4132 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 Yl...... ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 10 00 00 .... >[2012/02/20 14:52:42.204428, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.204543, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.204647, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.204795, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/02/20 14:52:42.204891, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x442b10 >[2012/02/20 14:52:42.205015, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-424f-aac0596c0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=4096 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00001000 (4096) >[2012/02/20 14:52:42.231083, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.231297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.231485, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:poe >[2012/02/20 14:52:42.231589, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.231692, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.231784, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.231893, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.232058, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.232592, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.232690, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.232785, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.232870, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.232965, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.233051, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.233330, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.233432, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.233527, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.233615, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.233704, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.233791, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.233966, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.234147, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.234252, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.234484, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.234893, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.236173, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.236381, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.236475, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.236573, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.236663, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.236753, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.236839, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.237018, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.237161, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.237256, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.237350, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.237440, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.237530, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.237616, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.237764, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.237900, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.238077, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.238177, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.238273, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.238362, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.238452, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.238538, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.238689, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.238828, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.238922, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.239054, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.239152, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.239241, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.239333, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.239419, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.239632, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.239753, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.239847, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.239944, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.240042, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.240134, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.240220, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.240373, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.240466, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.240555, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.240651, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.240741, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.240832, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.240918, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.241076, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.241275, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.241373, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.241464, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.241559, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.241652, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.241744, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.241904, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.242077, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.242219, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.242319, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.242414, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.242606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.243017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/02/20 14:52:42.243527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.243820, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.243925, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.244073, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.244166, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.244256, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.244370, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.244460, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.244585, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.244678, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.244768, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.244859, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.244960, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.245052, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.245186, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.245280, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.245373, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.245526, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x0000000d (13) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/02/20 14:52:42.246663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.247663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.247858, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.247997, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.249039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.250020, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.250212, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.250309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/02/20 14:52:42.251228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.252226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.252417, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.252514, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.253798, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.254847, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.255115, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.255218, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.256224, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.257225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.257450, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.257550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/02/20 14:52:42.260178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.261151, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.261345, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.261443, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.262773, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.263750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.263945, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.264050, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/02/20 14:52:42.265646, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.266621, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.266811, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.266907, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.268083, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.269099, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.269291, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.269392, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.281816, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.282816, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.283017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.283115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.284305, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.285298, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.285490, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.285586, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.287001, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.288113, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.288358, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.288461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.289577, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.290588, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.290784, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.290882, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x6e (110) > [1] : 0xef (239) > [2] : 0xbe (190) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.292051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.292912, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.293108, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.293199, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.293294, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/02/20 14:52:42.293381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/02/20 14:52:42.293895, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.294441, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.294536, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.294630, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.294718, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.294806, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.294892, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.295054, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.295186, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.295287, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.295480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.295897, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.297176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.297386, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.297482, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/02/20 14:52:42.297577, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.297669, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.297758, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.297843, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.298012, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.298151, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.298246, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.298340, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.298428, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.298517, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.298601, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.298737, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.298869, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.299063, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.299242, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.299407, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.299527, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.299659, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.299746, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.299904, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.300077, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.300174, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.300268, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.300363, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.300452, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.300543, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.300630, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.300791, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.300883, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.301005, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.301129, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.301220, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.301313, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.301398, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.301546, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.301641, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.301732, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.301828, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.301918, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.302017, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.302104, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.302252, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.302390, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.302480, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.302572, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.302666, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.302783, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.302876, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.302971, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.303120, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.303260, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.303355, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.303449, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.303636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.304134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.305077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.305268, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.305360, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.305450, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.305543, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.305728, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.305849, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.305945, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.306083, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.306174, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.306265, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.306355, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.306445, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.306536, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.306627, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.306717, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.306808, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.306898, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.307118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.307749, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.308662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.308853, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.308945, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.309049, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.320149, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.320472, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.320662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.320849, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.320942, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/02/20 14:52:42.321042, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.321417, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.321754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.321941, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.322149, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.322236, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.322325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.322708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.323049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.323239, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.323424, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.323519, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.323612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.323991, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.324300, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.324485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.324669, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.324757, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.324879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.325351, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.325459, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.325546, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.325634, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.325720, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.325987, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.326115, 4] printing/printing.c:1288(print_cache_expired) > print_cache_expired: cache expired for queue poe (last_qscan_time = 1329774490, time now = 1329774762, qcachetime = 30) >[2012/02/20 14:52:42.326265, 10] printing/printing.c:1815(print_queue_update) > print_queue_update: Sending message -> printer = poe, type = 8, lpq command = [poe] lprm command = [] >[2012/02/20 14:52:42.326428, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/02/20 14:52:42.326519, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_UPDATE (517) > dest: struct server_id > pid : 0x00000611 (1553) > vnn : 0xffffffff (4294967295) > unique_id : 0x0d94bc75dd341bb3 (978614233454615475) > src: struct server_id > pid : 0x00006c59 (27737) > vnn : 0xffffffff (4294967295) > unique_id : 0x0d94bc75dd341bb3 (978614233454615475) > buf : DATA_BLOB length=13 > [0000] 70 6F 65 00 08 00 00 00 70 6F 65 00 00 poe..... poe.. >[2012/02/20 14:52:42.327597, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\earth' > printername : * > printername : '\\earth\poe' > sharename : * > sharename : 'poe' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : '' > comment : * > comment : 'Double sided LaserJet 5m by fax machine' > location : * > location : 'Fax Machine' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\earth\poe' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-2426356435-4251213716-997332971-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-2426356435-4251213716-997332971-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000328 (808) > result : WERR_OK >[2012/02/20 14:52:42.342260, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/02/20 14:52:42.342465, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4140 >[2012/02/20 14:52:42.342589, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/02/20 14:52:42.342683, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. >[2012/02/20 14:52:42.342792, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x1028 (4136) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00001010 (4112) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4112 > [0000] 04 00 02 00 00 10 00 00 F0 0F 00 00 D8 0F 00 00 ........ ........ > [0010] D0 0F 00 00 AA 0F 00 00 A8 0F 00 00 58 0F 00 00 ........ ....X... > [0020] 40 0F 00 00 44 0E 00 00 3E 0F 00 00 2C 0F 00 00 @...D... >...,... > [0030] 24 0F 00 00 22 0F 00 00 4C 0D 00 00 48 10 00 00 $..."... L...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 01 00 04 80 D8 00 00 00 E8 00 00 00 ........ ........ > [0D60] 00 00 00 00 14 00 00 00 02 00 C4 00 07 00 00 00 ........ ........ > [0D70] 00 02 14 00 08 00 02 20 01 01 00 00 00 00 00 01 ....... ........ > [0D80] 00 00 00 00 00 09 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [0D90] 00 00 00 05 15 00 00 00 D3 42 9F 90 94 5F 64 FD ........ .B..._d. > [0DA0] EB 17 72 3B 00 02 00 00 00 02 24 00 0C 00 0F 10 ..r;.... ..$..... > [0DB0] 01 05 00 00 00 00 00 05 15 00 00 00 D3 42 9F 90 ........ .....B.. > [0DC0] 94 5F 64 FD EB 17 72 3B 00 02 00 00 00 09 18 00 ._d...r; ........ > [0DD0] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... > [0DE0] 20 02 00 00 00 02 18 00 0C 00 0F 10 01 02 00 00 ....... ........ > [0DF0] 00 00 00 05 20 00 00 00 20 02 00 00 00 09 18 00 .... ... ....... > [0E00] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... > [0E10] 26 02 00 00 00 02 18 00 0C 00 0F 10 01 02 00 00 &....... ........ > [0E20] 00 00 00 05 20 00 00 00 26 02 00 00 01 02 00 00 .... ... &....... > [0E30] 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 .... ... ....... > [0E40] 00 00 00 05 20 00 00 00 20 02 00 00 5C 00 5C 00 .... ... ...\.\. > [0E50] 65 00 61 00 72 00 74 00 68 00 5C 00 70 00 6F 00 e.a.r.t. h.\.p.o. > [0E60] 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e....... ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 01 04 00 04 ........ ........ > [0E90] DC 00 00 00 13 47 01 00 01 00 01 00 00 00 00 00 .....G.. ........ > [0EA0] 64 00 01 00 0F 00 FC FF 01 00 01 00 00 00 03 00 d....... ........ > [0EB0] 00 00 4C 00 65 00 74 00 74 00 65 00 72 00 00 00 ..L.e.t. t.e.r... > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 52 00 41 00 ........ ....R.A. > [0F30] 57 00 00 00 77 00 69 00 6E 00 70 00 72 00 69 00 W...w.i. n.p.r.i. > [0F40] 6E 00 74 00 00 00 00 00 46 00 61 00 78 00 20 00 n.t..... F.a.x. . > [0F50] 4D 00 61 00 63 00 68 00 69 00 6E 00 65 00 00 00 M.a.c.h. i.n.e... > [0F60] 44 00 6F 00 75 00 62 00 6C 00 65 00 20 00 73 00 D.o.u.b. l.e. .s. > [0F70] 69 00 64 00 65 00 64 00 20 00 4C 00 61 00 73 00 i.d.e.d. .L.a.s. > [0F80] 65 00 72 00 4A 00 65 00 74 00 20 00 35 00 6D 00 e.r.J.e. t. .5.m. > [0F90] 20 00 62 00 79 00 20 00 66 00 61 00 78 00 20 00 .b.y. . f.a.x. . > [0FA0] 6D 00 61 00 63 00 68 00 69 00 6E 00 65 00 00 00 m.a.c.h. i.n.e... > [0FB0] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. > [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. > [0FD0] 6F 00 72 00 74 00 00 00 70 00 6F 00 65 00 00 00 o.r.t... p.o.e... > [0FE0] 5C 00 5C 00 65 00 61 00 72 00 74 00 68 00 5C 00 \.\.e.a. r.t.h.\. > [0FF0] 70 00 6F 00 65 00 00 00 5C 00 5C 00 65 00 61 00 p.o.e... \.\.e.a. > [1000] 72 00 74 00 68 00 00 00 28 03 00 00 00 00 00 00 r.t.h... (....... >[2012/02/20 14:52:42.368967, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/02/20 14:52:42.369162, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/02/20 14:52:42.369270, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/02/20 14:52:42.369383, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/02/20 14:52:42.369493, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.369546, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22785 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/02/20 14:52:42.370454, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 03 00 00 ........ .(...... > [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ > [0020] 00 F0 0F 00 00 D8 0F 00 00 D0 0F 00 00 AA 0F 00 ........ ........ > [0030] 00 A8 0F 00 00 58 0F 00 00 40 0F 00 00 44 0E 00 .....X.. .@...D.. > [0040] 00 3E 0F 00 00 2C 0F 00 00 24 0F 00 00 22 0F 00 .>...,.. .$...".. > [0050] 00 4C 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .L...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/02/20 14:52:42.373426, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 58 >[2012/02/20 14:52:42.373561, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3a >[2012/02/20 14:52:42.373702, 3] smbd/process.c:1662(process_smb) > Transaction 37 of length 62 (0 toread) >[2012/02/20 14:52:42.373798, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.373848, 5] lib/util.c:342(show_msg) > size=58 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=3 > smb_pid=1620 > smb_uid=100 > smb_mid=22850 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=19 >[2012/02/20 14:52:42.374398, 10] ../lib/util/util.c:415(dump_data) > [0000] 04 57 00 49 00 4E 00 47 00 55 00 45 00 53 00 54 .W.I.N.G .U.E.S.T > [0010] 00 00 00 ... >[2012/02/20 14:52:42.374587, 3] smbd/process.c:1467(switch_message) > switch message SMBsplopen (pid 27737) conn 0x96a9508 >[2012/02/20 14:52:42.374687, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.374780, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 > SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-7000 > SID[ 6]: S-1-22-2-1001 > Privileges (0x 0): > Rights (0x 0): >[2012/02/20 14:52:42.375350, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 7000 > Primary group is 1001 and contains 1 supplementary groups > Group[ 0]: 1001 >[2012/02/20 14:52:42.375605, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,7000), gid=(0,1001) >[2012/02/20 14:52:42.375772, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/spool/samba >[2012/02/20 14:52:42.375975, 5] smbd/files.c:126(file_new) > allocated file structure 11489, fnum = 15585 (3 used) >[2012/02/20 14:52:42.376835, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2012/02/20 14:52:42.377041, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/02/20 14:52:42.377148, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/02/20 14:52:42.377254, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/02/20 14:52:42.377414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'miro' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x02000000 (33554432) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > checking name: miro >[2012/02/20 14:52:42.378150, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [miro] >[2012/02/20 14:52:42.378242, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.378432, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=miro > Printer is a printer >[2012/02/20 14:52:42.378552, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=miro (len=4) > searching for [miro] >[2012/02/20 14:52:42.378732, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/miro and timeout = Mon Feb 20 14:57:42 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: miro -> miro >[2012/02/20 14:52:42.379068, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/02/20 14:52:42.379165, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.379376, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.379560, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:miro >[2012/02/20 14:52:42.379687, 3] lib/access.c:338(allow_access) > Allowed connection from 10.10.20.205 (10.10.20.205) >[2012/02/20 14:52:42.381455, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share miro is ok for unix user winguest >[2012/02/20 14:52:42.381667, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.381788, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg >[2012/02/20 14:52:42.381917, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.382060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.382590, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.382689, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.382799, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.382891, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.382989, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.383077, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.383374, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.383482, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.383577, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.383668, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.383756, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.383841, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.384022, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.384169, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.384271, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.384507, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.384916, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0082 (130) > name_size : 0x0082 (130) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.386008, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.386195, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.386287, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.386381, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.386467, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.386557, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.386643, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.386822, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.386976, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.387074, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.387169, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.387257, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.387345, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.387430, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.387571, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.387706, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.387830, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.387922, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.388031, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.388118, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.388207, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.388292, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.388433, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.388567, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.388659, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.388751, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.388845, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.388933, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.389056, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.389144, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.389336, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.389440, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.389538, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.389635, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.389724, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.389815, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.389900, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.390088, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.390183, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.390274, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.390369, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.390458, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.390550, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.390635, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.390784, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.390985, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.391083, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [miro] >[2012/02/20 14:52:42.391175, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.391270, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.391360, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.391452, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.391537, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.391684, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.391841, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.391944, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.392057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.392257, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.392664, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.393492, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.393675, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.393766, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.393854, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro' (ops 0xb037c0) >[2012/02/20 14:52:42.393984, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.394164, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.394267, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 14 >[2012/02/20 14:52:42.394357, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.394446, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.394537, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default DevMode], len: 220 >[2012/02/20 14:52:42.394629, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Printer Driver], len: 56 >[2012/02/20 14:52:42.394719, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Location], len: 26 >[2012/02/20 14:52:42.394809, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Parameters], len: 2 >[2012/02/20 14:52:42.394898, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.395000, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 10 >[2012/02/20 14:52:42.395090, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 42 >[2012/02/20 14:52:42.395181, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.395272, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Separator File], len: 2 >[2012/02/20 14:52:42.395418, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 10 >[2012/02/20 14:52:42.395510, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.395602, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Status], len: 4 >[2012/02/20 14:52:42.395694, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.395786, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 232 >[2012/02/20 14:52:42.395906, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.396025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000e8 (232) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.396559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000e8 (232) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.397828, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.398095, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\miro] >[2012/02/20 14:52:42.398190, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.398294, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(232) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x0c (12) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x2c (44) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x01 (1) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x12 (18) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x01 (1) > [33] : 0x01 (1) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x05 (5) > [40] : 0x12 (18) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x02 (2) > [45] : 0x00 (0) > [46] : 0xbc (188) > [47] : 0x00 (0) > [48] : 0x07 (7) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x24 (36) > [55] : 0x00 (0) > [56] : 0x0c (12) > [57] : 0x00 (0) > [58] : 0x0f (15) > [59] : 0x00 (0) > [60] : 0x01 (1) > [61] : 0x05 (5) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x00 (0) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x05 (5) > [68] : 0x15 (21) > [69] : 0x00 (0) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0xd3 (211) > [73] : 0x42 (66) > [74] : 0x9f (159) > [75] : 0x90 (144) > [76] : 0x94 (148) > [77] : 0x5f (95) > [78] : 0x64 (100) > [79] : 0xfd (253) > [80] : 0xeb (235) > [81] : 0x17 (23) > [82] : 0x72 (114) > [83] : 0x3b (59) > [84] : 0x9a (154) > [85] : 0x3a (58) > [86] : 0x00 (0) > [87] : 0x00 (0) > [88] : 0x00 (0) > [89] : 0x09 (9) > [90] : 0x24 (36) > [91] : 0x00 (0) > [92] : 0x30 (48) > [93] : 0x00 (0) > [94] : 0x0f (15) > [95] : 0x00 (0) > [96] : 0x01 (1) > [97] : 0x05 (5) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x00 (0) > [101] : 0x00 (0) > [102] : 0x00 (0) > [103] : 0x05 (5) > [104] : 0x15 (21) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0xd3 (211) > [109] : 0x42 (66) > [110] : 0x9f (159) > [111] : 0x90 (144) > [112] : 0x94 (148) > [113] : 0x5f (95) > [114] : 0x64 (100) > [115] : 0xfd (253) > [116] : 0xeb (235) > [117] : 0x17 (23) > [118] : 0x72 (114) > [119] : 0x3b (59) > [120] : 0x9a (154) > [121] : 0x3a (58) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x09 (9) > [126] : 0x14 (20) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x10 (16) > [132] : 0x01 (1) > [133] : 0x01 (1) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x03 (3) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x14 (20) > [147] : 0x00 (0) > [148] : 0x08 (8) > [149] : 0x00 (0) > [150] : 0x02 (2) > [151] : 0x00 (0) > [152] : 0x01 (1) > [153] : 0x01 (1) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x01 (1) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x0a (10) > [166] : 0x14 (20) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x20 (32) > [172] : 0x01 (1) > [173] : 0x01 (1) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x01 (1) > [180] : 0x00 (0) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x18 (24) > [187] : 0x00 (0) > [188] : 0x0c (12) > [189] : 0x00 (0) > [190] : 0x0f (15) > [191] : 0x00 (0) > [192] : 0x01 (1) > [193] : 0x02 (2) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x00 (0) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x05 (5) > [200] : 0x20 (32) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x20 (32) > [205] : 0x02 (2) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x0b (11) > [210] : 0x18 (24) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x10 (16) > [216] : 0x01 (1) > [217] : 0x02 (2) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x00 (0) > [221] : 0x00 (0) > [222] : 0x00 (0) > [223] : 0x05 (5) > [224] : 0x20 (32) > [225] : 0x00 (0) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x20 (32) > [229] : 0x02 (2) > [230] : 0x00 (0) > [231] : 0x00 (0) > data_size : * > data_size : 0x000000e8 (232) > data_length : * > data_length : 0x000000e8 (232) > result : WERR_OK >[2012/02/20 14:52:42.408631, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.408968, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.409181, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.409366, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.409462, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.409551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.409986, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.410320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.410653, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.410984, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.411087, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.411211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.411596, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x000f000c >[2012/02/20 14:52:42.411691, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20000000 to 0x00020008 >[2012/02/20 14:52:42.411778, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x000f000c >[2012/02/20 14:52:42.411867, 4] printing/nt_printing.c:1793(print_access_check) > access check was FAILURE >[2012/02/20 14:52:42.413505, 3] rpc_server/spoolss/srv_spoolss_nt.c:1904(_spoolss_OpenPrinterEx) > access DENIED for printer open >[2012/02/20 14:52:42.413684, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.413872, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.414117, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.414217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_ACCESS_DENIED >[2012/02/20 14:52:42.414623, 5] smbd/files.c:464(file_free) > freed files structure 15585 (2 used) >[2012/02/20 14:52:42.414725, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/reply.c(5215) cmd=192 (SMBsplopen) NT_STATUS_ACCESS_DENIED >[2012/02/20 14:52:42.414819, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.414871, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xc0 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=3 > smb_pid=1620 > smb_uid=100 > smb_mid=22850 > smt_wct=0 > smb_bcc=0 >[2012/02/20 14:52:42.415350, 10] ../lib/util/util.c:415(dump_data) >[2012/02/20 14:52:42.415472, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/02/20 14:52:42.415633, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/02/20 14:52:42.415722, 3] smbd/process.c:1662(process_smb) > Transaction 38 of length 63 (0 toread) >[2012/02/20 14:52:42.415810, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.415860, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22913 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=15584 (0x3CE0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3112 (0xC28) > smb_vwv[ 6]= 3112 (0xC28) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3112 (0xC28) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/02/20 14:52:42.416787, 10] ../lib/util/util.c:415(dump_data) >[2012/02/20 14:52:42.416848, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.416953, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.417074, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-2426356435-4251213716-997332971-501 > SID[ 1]: S-1-5-21-2426356435-4251213716-997332971-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-7000 > SID[ 6]: S-1-22-2-1001 > Privileges (0x 0): > Rights (0x 0): >[2012/02/20 14:52:42.417520, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 7000 > Primary group is 1001 and contains 1 supplementary groups > Group[ 0]: 1001 >[2012/02/20 14:52:42.417715, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,7000), gid=(0,1001) >[2012/02/20 14:52:42.417814, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/02/20 14:52:42.417918, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3112 >[2012/02/20 14:52:42.418068, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. >[2012/02/20 14:52:42.418178, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4092 >[2012/02/20 14:52:42.418292, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.418412, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 3112 bytes. There is more data outstanding >[2012/02/20 14:52:42.418506, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3112 max=3112 nread=3112 >[2012/02/20 14:52:42.419736, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4240 >[2012/02/20 14:52:42.420076, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/02/20 14:52:42.420292, 3] smbd/process.c:1662(process_smb) > Transaction 39 of length 4244 (0 toread) >[2012/02/20 14:52:42.420433, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.420509, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22977 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15584 (0x3CE0) > smb_bcc=4173 >[2012/02/20 14:52:42.421775, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 04 00 00 ........ .<...... > [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 0D 00 00 .$...... ........ > [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 02 00 00 .....BO. .Yl..... > [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/02/20 14:52:42.424297, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.424394, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.424532, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/02/20 14:52:42.424654, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.424741, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.424828, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.424912, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce0) >[2012/02/20 14:52:42.425010, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x9617028 max_trans_reply: 4136 >[2012/02/20 14:52:42.425131, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/02/20 14:52:42.425223, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4156 >[2012/02/20 14:52:42.425310, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 >[2012/02/20 14:52:42.425400, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.425490, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.425576, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/02/20 14:52:42.425664, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 >[2012/02/20 14:52:42.425811, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.425898, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/02/20 14:52:42.426009, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 >[2012/02/20 14:52:42.426112, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.426219, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x103c (4156) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00001024 (4132) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4132 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 Yl...... ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 10 00 00 .... >[2012/02/20 14:52:42.454527, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.454644, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.454746, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.454887, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/02/20 14:52:42.454995, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x442b10 >[2012/02/20 14:52:42.455097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-424f-aac0596c0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=4096 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00001000 (4096) >[2012/02/20 14:52:42.480443, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.480651, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.480833, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:poe >[2012/02/20 14:52:42.480938, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.481050, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.481143, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.481255, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.481380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.481948, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.482056, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.482153, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.482239, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.482326, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.482411, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.482690, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.482791, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.482904, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.483046, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.483164, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.483252, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.483427, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.483605, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.483835, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.484111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.484533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.485644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.485832, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.485925, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.486055, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.486144, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.486234, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.486320, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.486493, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.486631, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.486727, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.486819, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.486907, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.487027, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.487114, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.487261, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.487395, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.487487, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.487578, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.487673, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.487760, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.487848, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.487933, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.488083, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.488215, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.488306, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.488398, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.488492, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.488583, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.488673, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.488795, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.488983, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.489095, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.489188, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.489283, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.489373, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.489465, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.489551, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.489704, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.489796, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.489887, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.489992, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.490082, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.490173, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.490258, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.490407, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.490545, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.490637, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.490728, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.490822, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.490912, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.491012, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.491098, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.491244, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.491381, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.491477, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.491570, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.491788, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.492193, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/02/20 14:52:42.492695, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.492952, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.493057, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.493194, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.493412, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.493547, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.493640, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.493730, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.493821, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.493911, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.494011, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.494102, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.494192, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.494281, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.494371, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.494460, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.494554, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.494711, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x0000000d (13) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/02/20 14:52:42.495817, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.496777, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.496975, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.497074, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.498075, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.499090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.499283, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.499380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/02/20 14:52:42.500402, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.501373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.501564, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.501663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.502879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.503834, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.504033, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.504130, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.505173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.506203, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.506392, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.506490, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/02/20 14:52:42.509268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.510244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.510436, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.510535, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.511712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.512792, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.513027, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.513134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/02/20 14:52:42.514668, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.515671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.515891, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.515993, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.517034, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.518064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.518258, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.518358, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.530726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.531707, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.531900, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.532036, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.533344, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.534319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.534511, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.534611, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.535667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.536619, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.536807, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.536903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.537896, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.539090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.539298, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.539400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x6e (110) > [1] : 0xef (239) > [2] : 0xbe (190) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.540479, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.541308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.541492, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.541582, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.541675, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/02/20 14:52:42.541762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/02/20 14:52:42.542392, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.542942, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.543047, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.543141, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.543229, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.543317, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.543403, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.543558, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.543690, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.543790, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.543989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.544379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.545472, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.545702, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.545795, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/02/20 14:52:42.545889, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.545983, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.546072, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.546157, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.546310, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.546441, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.546535, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.546627, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.546714, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.546802, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.546887, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.547033, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.547164, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.547255, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.547435, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.547565, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.547654, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.547745, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.547831, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.547987, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.548126, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.548234, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.548338, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.548433, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.548521, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.548612, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.548699, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.548864, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.548967, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.549060, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.549189, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.549279, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.549371, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.549457, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.549601, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.549693, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.549783, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.549877, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.549975, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.550067, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.550153, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.550301, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.550438, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.550527, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.550620, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.550714, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.550802, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.550893, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.550985, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.551131, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.551268, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.551362, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.551454, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.551639, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.552166, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.553045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.553238, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.553328, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.553417, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.553509, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.553664, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.553758, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.553848, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.553938, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.554036, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.554126, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.554215, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.554306, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.554396, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.554487, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.554577, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.554667, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.554757, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.554851, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.555388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.556284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.556472, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.556672, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.556827, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.568292, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.568685, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.568911, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.569141, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.569247, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/02/20 14:52:42.569347, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.569772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.570274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.570585, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.570777, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.570865, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.570956, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.571354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.571692, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.571876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.572065, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.572160, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.572249, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.572617, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.572917, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.573135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.573322, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.573409, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.573530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.574089, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\earth' > printername : * > printername : '\\earth\poe' > sharename : * > sharename : 'poe' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : '' > comment : * > comment : 'Double sided LaserJet 5m by fax machine' > location : * > location : 'Fax Machine' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\earth\poe' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-2426356435-4251213716-997332971-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-2426356435-4251213716-997332971-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000328 (808) > result : WERR_OK >[2012/02/20 14:52:42.586739, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/02/20 14:52:42.586860, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4140 >[2012/02/20 14:52:42.586990, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/02/20 14:52:42.587126, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. >[2012/02/20 14:52:42.587240, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x1028 (4136) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00001010 (4112) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4112 > [0000] 04 00 02 00 00 10 00 00 F0 0F 00 00 D8 0F 00 00 ........ ........ > [0010] D0 0F 00 00 AA 0F 00 00 A8 0F 00 00 58 0F 00 00 ........ ....X... > [0020] 40 0F 00 00 44 0E 00 00 3E 0F 00 00 2C 0F 00 00 @...D... >...,... > [0030] 24 0F 00 00 22 0F 00 00 4C 0D 00 00 48 10 00 00 $..."... L...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 01 00 04 80 D8 00 00 00 E8 00 00 00 ........ ........ > [0D60] 00 00 00 00 14 00 00 00 02 00 C4 00 07 00 00 00 ........ ........ > [0D70] 00 02 14 00 08 00 02 20 01 01 00 00 00 00 00 01 ....... ........ > [0D80] 00 00 00 00 00 09 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [0D90] 00 00 00 05 15 00 00 00 D3 42 9F 90 94 5F 64 FD ........ .B..._d. > [0DA0] EB 17 72 3B 00 02 00 00 00 02 24 00 0C 00 0F 10 ..r;.... ..$..... > [0DB0] 01 05 00 00 00 00 00 05 15 00 00 00 D3 42 9F 90 ........ .....B.. > [0DC0] 94 5F 64 FD EB 17 72 3B 00 02 00 00 00 09 18 00 ._d...r; ........ > [0DD0] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... > [0DE0] 20 02 00 00 00 02 18 00 0C 00 0F 10 01 02 00 00 ....... ........ > [0DF0] 00 00 00 05 20 00 00 00 20 02 00 00 00 09 18 00 .... ... ....... > [0E00] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... > [0E10] 26 02 00 00 00 02 18 00 0C 00 0F 10 01 02 00 00 &....... ........ > [0E20] 00 00 00 05 20 00 00 00 26 02 00 00 01 02 00 00 .... ... &....... > [0E30] 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 .... ... ....... > [0E40] 00 00 00 05 20 00 00 00 20 02 00 00 5C 00 5C 00 .... ... ...\.\. > [0E50] 65 00 61 00 72 00 74 00 68 00 5C 00 70 00 6F 00 e.a.r.t. h.\.p.o. > [0E60] 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e....... ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 01 04 00 04 ........ ........ > [0E90] DC 00 00 00 13 47 01 00 01 00 01 00 00 00 00 00 .....G.. ........ > [0EA0] 64 00 01 00 0F 00 FC FF 01 00 01 00 00 00 03 00 d....... ........ > [0EB0] 00 00 4C 00 65 00 74 00 74 00 65 00 72 00 00 00 ..L.e.t. t.e.r... > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 52 00 41 00 ........ ....R.A. > [0F30] 57 00 00 00 77 00 69 00 6E 00 70 00 72 00 69 00 W...w.i. n.p.r.i. > [0F40] 6E 00 74 00 00 00 00 00 46 00 61 00 78 00 20 00 n.t..... F.a.x. . > [0F50] 4D 00 61 00 63 00 68 00 69 00 6E 00 65 00 00 00 M.a.c.h. i.n.e... > [0F60] 44 00 6F 00 75 00 62 00 6C 00 65 00 20 00 73 00 D.o.u.b. l.e. .s. > [0F70] 69 00 64 00 65 00 64 00 20 00 4C 00 61 00 73 00 i.d.e.d. .L.a.s. > [0F80] 65 00 72 00 4A 00 65 00 74 00 20 00 35 00 6D 00 e.r.J.e. t. .5.m. > [0F90] 20 00 62 00 79 00 20 00 66 00 61 00 78 00 20 00 .b.y. . f.a.x. . > [0FA0] 6D 00 61 00 63 00 68 00 69 00 6E 00 65 00 00 00 m.a.c.h. i.n.e... > [0FB0] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. > [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. > [0FD0] 6F 00 72 00 74 00 00 00 70 00 6F 00 65 00 00 00 o.r.t... p.o.e... > [0FE0] 5C 00 5C 00 65 00 61 00 72 00 74 00 68 00 5C 00 \.\.e.a. r.t.h.\. > [0FF0] 70 00 6F 00 65 00 00 00 5C 00 5C 00 65 00 61 00 p.o.e... \.\.e.a. > [1000] 72 00 74 00 68 00 00 00 28 03 00 00 00 00 00 00 r.t.h... (....... >[2012/02/20 14:52:42.612976, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4092 >[2012/02/20 14:52:42.613137, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.613263, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 4136 bytes. There is no more data outstanding >[2012/02/20 14:52:42.613360, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..4136] (align 0) >[2012/02/20 14:52:42.613454, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.613504, 5] lib/util.c:342(show_msg) > size=4192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=22977 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4136 (0x1028) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 4136 (0x1028) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=4137 >[2012/02/20 14:52:42.614328, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 04 00 00 ........ .(...... > [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ > [0020] 00 F0 0F 00 00 D8 0F 00 00 D0 0F 00 00 AA 0F 00 ........ ........ > [0030] 00 A8 0F 00 00 58 0F 00 00 40 0F 00 00 44 0E 00 .....X.. .@...D.. > [0040] 00 3E 0F 00 00 2C 0F 00 00 24 0F 00 00 22 0F 00 .>...,.. .$...".. > [0050] 00 4C 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .L...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/02/20 14:52:42.617714, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 148 >[2012/02/20 14:52:42.617909, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x94 >[2012/02/20 14:52:42.618012, 3] smbd/process.c:1662(process_smb) > Transaction 40 of length 152 (0 toread) >[2012/02/20 14:52:42.618100, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.618150, 5] lib/util.c:342(show_msg) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23041 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15584 (0x3CE0) > smb_bcc=81 >[2012/02/20 14:52:42.619182, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 40 00 00 00 05 00 00 ........ .@...... > [0020] 00 28 00 00 00 00 00 04 00 00 00 00 00 0D 00 00 .(...... ........ > [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... > [0040] 00 FF FF FF FF 02 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 . >[2012/02/20 14:52:42.619663, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.619755, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.619853, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=64 params=0 setup=2 >[2012/02/20 14:52:42.619945, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.620037, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.620123, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.620208, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce0) >[2012/02/20 14:52:42.620295, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x9617028 max_trans_reply: 4136 >[2012/02/20 14:52:42.620396, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 64 >[2012/02/20 14:52:42.620496, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2012/02/20 14:52:42.620588, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 >[2012/02/20 14:52:42.620678, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.620768, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.620853, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 48 >[2012/02/20 14:52:42.620939, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 >[2012/02/20 14:52:42.621039, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.621125, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 48 >[2012/02/20 14:52:42.621212, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 >[2012/02/20 14:52:42.621302, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.621401, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0040 (64) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000028 (40) > context_id : 0x0000 (0) > opnum : 0x0004 (4) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=40 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 Yl...... ........ > [0020] 00 00 00 00 00 00 00 00 ........ >[2012/02/20 14:52:42.622656, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.622745, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.622941, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.623084, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS >[2012/02/20 14:52:42.623205, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[4].fn == 0x4424e0 >[2012/02/20 14:52:42.623332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumJobs: struct spoolss_EnumJobs > in: struct spoolss_EnumJobs > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-424f-aac0596c0000 > firstjob : 0x00000000 (0) > numjobs : 0xffffffff (4294967295) > level : 0x00000002 (2) > buffer : NULL > offered : 0x00000000 (0) >[2012/02/20 14:52:42.624195, 4] rpc_server/spoolss/srv_spoolss_nt.c:7060(_spoolss_EnumJobs) > _spoolss_EnumJobs >[2012/02/20 14:52:42.624370, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.624907, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:poe >[2012/02/20 14:52:42.625084, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.625462, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.625806, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.626187, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.626436, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.627391, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.627566, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.627717, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.627853, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.628003, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.628135, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.628519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.628688, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.628844, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.629004, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.629154, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.629267, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.629736, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.630241, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.630588, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.631214, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.631687, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.632818, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.633137, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.633242, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.633341, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.633429, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.633517, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.633609, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.633788, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.633926, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.634040, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.634134, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.634222, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.634310, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.634394, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.634539, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.634677, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.634768, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.634859, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.634954, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.635070, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.635160, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.635246, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.635389, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.635522, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.635618, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.635711, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.635804, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.635892, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.636001, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.636089, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.636257, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.636349, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.636473, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.636574, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.636664, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.636756, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.636841, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.637004, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.637096, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.637187, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.637280, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.637369, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.637460, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.637545, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.637697, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.637834, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.637923, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.638039, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.638136, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.638225, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.638317, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.638401, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.638549, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.638693, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.638789, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.638882, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.639093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.639527, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/02/20 14:52:42.640053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.640309, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.640405, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.640544, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.640641, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.640731, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.640820, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.640910, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.641030, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.641123, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.641214, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.641304, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.641394, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.641484, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.641580, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.641670, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.641761, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.641902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x0000000d (13) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/02/20 14:52:42.643029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.643947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.644159, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.644259, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.645210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.646156, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.646341, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.646437, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/02/20 14:52:42.647325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.648247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.648431, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.648527, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.649674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.650607, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.650793, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.650889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.651834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.652783, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.652985, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.653089, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/02/20 14:52:42.655572, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.656505, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.656695, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.656792, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.657990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.658932, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.659143, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.659241, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/02/20 14:52:42.661194, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.662484, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.662722, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.662826, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.663839, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.664767, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.664954, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.665083, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.676585, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.677531, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.677722, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.677820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.678996, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.679910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.680119, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.680218, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.681187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.682187, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.682378, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.682476, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.683455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.684378, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.684565, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.684694, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x6e (110) > [1] : 0xef (239) > [2] : 0xbe (190) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.685708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.686563, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.686754, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.686845, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.686937, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/02/20 14:52:42.687044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/02/20 14:52:42.687539, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.688117, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.688213, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.688306, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.688393, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.688480, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.688568, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.688721, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.688852, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.688952, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.689173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.689567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0080 (128) > name_size : 0x0080 (128) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.690647, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.690839, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.690931, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/02/20 14:52:42.691033, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.691119, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.691240, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.691325, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.691477, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.691613, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.691707, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.691801, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.691888, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.691998, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.692089, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.692228, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.692360, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.692452, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.692541, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.692640, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.692727, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.692815, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.692900, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.693093, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.693230, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.693322, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.693414, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.693508, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.693599, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.693689, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.693774, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.693930, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.694033, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.694124, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.694218, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.694307, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.694398, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.694514, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.694662, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.694754, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.694845, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.694939, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.695070, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.695164, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.695249, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.695401, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.695540, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.695635, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [poe] >[2012/02/20 14:52:42.695727, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:42.695822, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.695911, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.696055, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.696169, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.696328, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.696471, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.696574, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:42.696668, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.696859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.697280, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.698164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.698357, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.698447, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.698535, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe' (ops 0xb037c0) >[2012/02/20 14:52:42.698630, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.698777, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.698869, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.698971, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.699069, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.699159, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.699249, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 8 >[2012/02/20 14:52:42.699339, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.699428, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.699518, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.699611, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 8 >[2012/02/20 14:52:42.699699, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.699788, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.699878, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.699979, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.700474, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.701394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.701590, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\poe] >[2012/02/20 14:52:42.701680, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.701773, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.712769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.713113, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.713305, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 42 4F AA C0 .... ... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.713490, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.713588, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/02/20 14:52:42.713679, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.714197, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.714600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.714860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.715145, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.715304, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.715439, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.716134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.716751, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.717052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.717352, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.717478, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.717598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.718249, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.718732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.719135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.719357, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.719448, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.719582, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.720146, 5] printing/printing.c:3056(get_stored_queue_info) > get_stored_queue_info: qcount = 0, extra_count = 0 > count:[0], status:[0], [] >[2012/02/20 14:52:42.720304, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumJobs: struct spoolss_EnumJobs > out: struct spoolss_EnumJobs > count : * > count : 0x00000000 (0) > info : * > info : NULL > needed : * > needed : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.720741, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/02/20 14:52:42.720850, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 48 >[2012/02/20 14:52:42.720991, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/02/20 14:52:42.721093, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 16. >[2012/02/20 14:52:42.721201, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0028 (40) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000010 (16) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=16 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/02/20 14:52:42.722312, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1341 >[2012/02/20 14:52:42.722416, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.722536, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 40 bytes. There is no more data outstanding >[2012/02/20 14:52:42.722636, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/02/20 14:52:42.722727, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.722777, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23041 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/02/20 14:52:42.723609, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... > [0010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 ........ . >[2012/02/20 14:52:42.724500, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/02/20 14:52:42.724735, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/02/20 14:52:42.724839, 3] smbd/process.c:1662(process_smb) > Transaction 41 of length 132 (0 toread) >[2012/02/20 14:52:42.724928, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.724992, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23105 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15584 (0x3CE0) > smb_bcc=61 >[2012/02/20 14:52:42.726099, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 .....BO. .Yl.. >[2012/02/20 14:52:42.726462, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.726555, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.726654, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/02/20 14:52:42.726747, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.726831, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.726918, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.727026, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce0) >[2012/02/20 14:52:42.727157, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x9617028 max_trans_reply: 4136 >[2012/02/20 14:52:42.727246, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/02/20 14:52:42.727337, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/02/20 14:52:42.727425, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/02/20 14:52:42.727514, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.727604, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.727690, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/02/20 14:52:42.727783, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/02/20 14:52:42.727891, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.727990, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/02/20 14:52:42.728077, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/02/20 14:52:42.728167, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.728265, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.729385, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.729476, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.729565, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.729660, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/02/20 14:52:42.729752, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x444cd0 >[2012/02/20 14:52:42.729858, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.730192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.730414, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.730602, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 42 4F AA C0 ........ ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.730788, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.730875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.731231, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/02/20 14:52:42.731344, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/02/20 14:52:42.731469, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/02/20 14:52:42.731563, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/02/20 14:52:42.731668, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/02/20 14:52:42.732711, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2012/02/20 14:52:42.732819, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/02/20 14:52:42.732912, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/02/20 14:52:42.733021, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.733073, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23105 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/02/20 14:52:42.733919, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/02/20 14:52:42.734405, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/02/20 14:52:42.734530, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/02/20 14:52:42.734620, 3] smbd/process.c:1662(process_smb) > Transaction 42 of length 106 (0 toread) >[2012/02/20 14:52:42.734706, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.734756, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23170 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/02/20 14:52:42.736142, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/02/20 14:52:42.736340, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.736432, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.736527, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/02/20 14:52:42.736625, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/02/20 14:52:42.736721, 5] smbd/files.c:126(file_new) > allocated file structure 11490, fnum = 15586 (3 used) >[2012/02/20 14:52:42.736820, 10] smbd/files.c:618(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/02/20 14:52:42.736921, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/02/20 14:52:42.737036, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 3 for pipe \spoolss >[2012/02/20 14:52:42.737146, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/02/20 14:52:42.737243, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/02/20 14:52:42.737526, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/02/20 14:52:42.737640, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/02/20 14:52:42.737729, 3] smbd/process.c:1662(process_smb) > Transaction 43 of length 45 (0 toread) >[2012/02/20 14:52:42.737816, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.737867, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23234 > smt_wct=3 > smb_vwv[ 0]=15584 (0x3CE0) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/02/20 14:52:42.738467, 10] ../lib/util/util.c:415(dump_data) >[2012/02/20 14:52:42.738526, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.738617, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.738705, 3] smbd/reply.c:4846(reply_close) > close fd=-1 fnum=15584 (numopen=2) >[2012/02/20 14:52:42.738837, 6] smbd/close.c:527(set_close_write_time) > close_write_time: Wed Dec 31 16:59:59 1969 >[2012/02/20 14:52:42.738947, 5] smbd/files.c:464(file_free) > freed files structure 15584 (2 used) >[2012/02/20 14:52:42.739125, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.739183, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23234 > smt_wct=0 > smb_bcc=0 >[2012/02/20 14:52:42.739648, 10] ../lib/util/util.c:415(dump_data) >[2012/02/20 14:52:42.739933, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 180 >[2012/02/20 14:52:42.740060, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2012/02/20 14:52:42.740150, 3] smbd/process.c:1662(process_smb) > Transaction 44 of length 184 (0 toread) >[2012/02/20 14:52:42.740237, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.740287, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23298 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=15586 (0x3CE2) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 116 (0x74) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 116 (0x74) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=117 >[2012/02/20 14:52:42.741255, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 74 00 00 00 02 00 00 ........ .t...... > [0010] 00 B8 10 B8 10 00 00 00 00 02 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 2C 1C B7 6C 12 98 40 45 03 00 00 00 00 00 00 .,..l..@ E....... > [0070] 00 01 00 00 00 ..... >[2012/02/20 14:52:42.741885, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.741998, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.742091, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 3ce2 name: spoolss len: 116 >[2012/02/20 14:52:42.742181, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 116 >[2012/02/20 14:52:42.742271, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 116 >[2012/02/20 14:52:42.742359, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 116 >[2012/02/20 14:52:42.742449, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.742542, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.742628, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 100 >[2012/02/20 14:52:42.742714, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 100 >[2012/02/20 14:52:42.742804, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.742890, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 100 >[2012/02/20 14:52:42.742983, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 100, incoming data = 100 >[2012/02/20 14:52:42.743073, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.743210, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0074 (116) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x02 (2) > ctx_list: ARRAY(2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/02/20 14:52:42.744974, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/02/20 14:52:42.745073, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/02/20 14:52:42.745164, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/02/20 14:52:42.745254, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/02/20 14:52:42.745360, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/02/20 14:52:42.745474, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/02/20 14:52:42.746753, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 100 >[2012/02/20 14:52:42.746870, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=116 >[2012/02/20 14:52:42.747258, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/02/20 14:52:42.747389, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/02/20 14:52:42.747477, 3] smbd/process.c:1662(process_smb) > Transaction 45 of length 63 (0 toread) >[2012/02/20 14:52:42.747566, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.747616, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23362 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=15586 (0x3CE2) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/02/20 14:52:42.748542, 10] ../lib/util/util.c:415(dump_data) >[2012/02/20 14:52:42.748604, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.748694, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.748787, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/02/20 14:52:42.748880, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/02/20 14:52:42.748983, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2012/02/20 14:52:42.749093, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/02/20 14:52:42.749182, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/02/20 14:52:42.749519, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 278 >[2012/02/20 14:52:42.749631, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x116 >[2012/02/20 14:52:42.749720, 3] smbd/process.c:1662(process_smb) > Transaction 46 of length 282 (0 toread) >[2012/02/20 14:52:42.749808, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.749858, 5] lib/util.c:342(show_msg) > size=278 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23426 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 194 (0xC2) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 194 (0xC2) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15586 (0x3CE2) > smb_bcc=211 >[2012/02/20 14:52:42.750903, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 C2 00 00 00 02 00 00 ........ ........ > [0020] 00 AA 00 00 00 00 00 45 00 00 00 02 00 0E 00 00 .......E ........ > [0030] 00 00 00 00 00 0E 00 00 00 5C 00 5C 00 45 00 41 ........ .\.\.E.A > [0040] 00 52 00 54 00 48 00 5C 00 66 00 72 00 6F 00 73 .R.T.H.\ .f.r.o.s > [0050] 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .t...... ........ > [0060] 00 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 ........ ........ > [0070] 00 1C 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 ........ ........ > [0080] 00 03 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0090] 00 00 00 00 00 07 00 00 00 48 00 45 00 53 00 54 ........ .H.E.S.T > [00A0] 00 49 00 41 00 00 00 00 00 0F 00 00 00 00 00 00 .I.A.... ........ > [00B0] 00 0F 00 00 00 43 00 4F 00 2D 00 52 00 41 00 5C .....C.O .-.R.A.\ > [00C0] 00 77 00 69 00 6E 00 67 00 75 00 65 00 73 00 74 .w.i.n.g .u.e.s.t > [00D0] 00 00 00 ... >[2012/02/20 14:52:42.752045, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.752143, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.752241, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=194 params=0 setup=2 >[2012/02/20 14:52:42.752333, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.752418, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.752504, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.752593, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce2) >[2012/02/20 14:52:42.752681, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x96a87b8 max_trans_reply: 1024 >[2012/02/20 14:52:42.752770, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 194 >[2012/02/20 14:52:42.752860, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 194 >[2012/02/20 14:52:42.752948, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 194 >[2012/02/20 14:52:42.753064, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 194, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.753155, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.753240, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 178 >[2012/02/20 14:52:42.753326, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 178 >[2012/02/20 14:52:42.753416, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.753502, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 178 >[2012/02/20 14:52:42.753589, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 178, incoming data = 178 >[2012/02/20 14:52:42.753679, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.753776, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00c2 (194) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000aa (170) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=170 > [0000] 00 00 02 00 0E 00 00 00 00 00 00 00 0E 00 00 00 ........ ........ > [0010] 5C 00 5C 00 45 00 41 00 52 00 54 00 48 00 5C 00 \.\.E.A. R.T.H.\. > [0020] 66 00 72 00 6F 00 73 00 74 00 00 00 00 00 00 00 f.r.o.s. t....... > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........ > [0040] 01 00 00 00 04 00 02 00 1C 00 00 00 08 00 02 00 ........ ........ > [0050] 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 ........ ........ > [0070] 48 00 45 00 53 00 54 00 49 00 41 00 00 00 00 00 H.E.S.T. I.A..... > [0080] 0F 00 00 00 00 00 00 00 0F 00 00 00 43 00 4F 00 ........ ....C.O. > [0090] 2D 00 52 00 41 00 5C 00 77 00 69 00 6E 00 67 00 -.R.A.\. w.i.n.g. > [00A0] 75 00 65 00 73 00 74 00 00 00 u.e.s.t. .. >[2012/02/20 14:52:42.755808, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.755901, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.756014, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.756113, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/02/20 14:52:42.756207, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x4473d0 >[2012/02/20 14:52:42.756309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\EARTH\frost' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x0000001c (28) > client : * > client : 'HESTIA' > user : * > user : 'CO-RA\winguest' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_INTEL (0) > checking name: \\EARTH\frost >[2012/02/20 14:52:42.757540, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\EARTH\frost] >[2012/02/20 14:52:42.757641, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.757839, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\EARTH\frost > Printer is a printer >[2012/02/20 14:52:42.757964, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\EARTH\frost (len=13) > searching for [frost] >[2012/02/20 14:52:42.758182, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/frost and timeout = Mon Feb 20 14:57:42 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: frost -> frost >[2012/02/20 14:52:42.758409, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/02/20 14:52:42.758497, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.758683, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.758865, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:frost >[2012/02/20 14:52:42.759011, 3] lib/access.c:338(allow_access) > Allowed connection from 10.10.20.205 (10.10.20.205) >[2012/02/20 14:52:42.760851, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share frost is ok for unix user winguest >[2012/02/20 14:52:42.761074, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.761184, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.761275, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.761387, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.761506, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.762084, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.762187, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.762284, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.762370, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.762457, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.762546, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.762825, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.762926, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.763047, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.763135, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.763223, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.763308, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.763466, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.763607, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.763748, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.763942, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.764399, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.765498, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.765690, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.765785, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.765880, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.765978, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.766077, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.766163, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.766330, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.766465, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.766560, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.766660, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.766766, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.766856, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.766941, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.767141, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.767276, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.767369, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.767461, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.767555, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.767642, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.767731, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.767816, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.767953, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.768130, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.768224, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.768315, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.768410, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.768497, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.768588, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.768673, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.768839, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.768931, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.769047, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.769143, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.769231, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.769323, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.769408, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.769561, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.769653, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.769744, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.769838, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.769927, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.770026, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.770112, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.770292, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.770431, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.770521, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [frost] >[2012/02/20 14:52:42.770613, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.770708, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.770797, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.770888, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.770988, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.771148, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.771288, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.771383, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.771476, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.771668, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.772124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.772964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.773151, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.773297, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.773394, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) >[2012/02/20 14:52:42.773486, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.773641, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.773737, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.773826, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.773916, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.774036, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.774129, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 12 >[2012/02/20 14:52:42.774218, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.774308, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.774399, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.774489, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 12 >[2012/02/20 14:52:42.774579, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.774669, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.774758, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.774853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:42.775368, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:42.776255, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.776448, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.776570, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:42.776666, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:42.787847, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.788188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.788381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 42 4F AA C0 ....#... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.788569, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.788694, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.788784, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.789271, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.789583, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.789773, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 42 4F AA C0 ...."... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.789971, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.790073, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.790195, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.790559, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2012/02/20 14:52:42.790650, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.790737, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.790823, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.790909, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.791007, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.791094, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2012/02/20 14:52:42.791183, 4] printing/nt_printing.c:1793(print_access_check) > access check was SUCCESS >[2012/02/20 14:52:42.791273, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.791374, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/02/20 14:52:42.791467, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.791568, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.791659, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.791768, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.791917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.792483, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.792585, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.792839, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.793015, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.793151, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.793241, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.793526, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.793630, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.793725, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.793812, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.793899, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.793998, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.794160, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.794302, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.794404, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.794601, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.795039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.796209, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.796408, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.796502, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.796597, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.796684, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.796773, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.796857, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.797029, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.797164, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.797258, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.797351, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.797438, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.797526, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.797611, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.797753, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.797882, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.797990, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.798093, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.798187, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.798274, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.798362, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.798447, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.798590, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.798722, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.798812, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.798903, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.799014, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.799134, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.799228, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.799313, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.799481, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.799577, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.799668, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.799762, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.799852, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.799942, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.800037, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.800188, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.800279, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.800369, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.800462, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.800552, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.800643, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.800727, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.800874, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.801032, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.801128, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [frost] >[2012/02/20 14:52:42.801219, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.801314, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.801402, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.801493, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.801579, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.801724, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.801863, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.801966, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.802174, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 42 4F AA C0 ....%... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.802370, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.802750, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost already exists >[2012/02/20 14:52:42.802867, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.803207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 42 4F AA C0 ....%... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.803391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 42 4F AA C0 ....%... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.803571, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.803657, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:42.803746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.804224, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:42.804547, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.804737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 42 4F AA C0 ....$... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.804923, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:42.805032, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:42.805154, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:42.805551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.805902, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/02/20 14:52:42.806015, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 178 >[2012/02/20 14:52:42.806135, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/02/20 14:52:42.806228, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/02/20 14:52:42.806332, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 00 00 00 00 Yl...... >[2012/02/20 14:52:42.807399, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1341 >[2012/02/20 14:52:42.807501, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/02/20 14:52:42.807617, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/02/20 14:52:42.807711, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/02/20 14:52:42.807801, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.807851, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23426 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/02/20 14:52:42.808685, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 21 00 00 ........ .....!.. > [0020] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 00 00 00 .....BO. .Yl..... > [0030] 00 . >[2012/02/20 14:52:42.809825, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4240 >[2012/02/20 14:52:42.809968, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/02/20 14:52:42.810084, 3] smbd/process.c:1662(process_smb) > Transaction 47 of length 4244 (0 toread) >[2012/02/20 14:52:42.810207, 5] lib/util.c:332(show_msg) >[2012/02/20 14:52:42.810276, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1620 > smb_uid=100 > smb_mid=23490 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=15586 (0x3CE2) > smb_bcc=4173 >[2012/02/20 14:52:42.811325, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... > [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 21 00 00 .$...... .....!.. > [0030] 00 00 00 00 00 42 4F AA C0 59 6C 00 00 02 00 00 .....BO. .Yl..... > [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/02/20 14:52:42.813732, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 27737) conn 0x9697a50 >[2012/02/20 14:52:42.813826, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/02/20 14:52:42.813930, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/02/20 14:52:42.814076, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/02/20 14:52:42.814183, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/02/20 14:52:42.814270, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/02/20 14:52:42.814355, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 3ce2) >[2012/02/20 14:52:42.814444, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x96a87b8 max_trans_reply: 1024 >[2012/02/20 14:52:42.814571, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/02/20 14:52:42.814664, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4156 >[2012/02/20 14:52:42.814751, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 >[2012/02/20 14:52:42.814841, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/02/20 14:52:42.814932, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/02/20 14:52:42.815028, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/02/20 14:52:42.815114, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 >[2012/02/20 14:52:42.815207, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/02/20 14:52:42.815293, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/02/20 14:52:42.815379, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 >[2012/02/20 14:52:42.815474, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/02/20 14:52:42.815578, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x103c (4156) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00001024 (4132) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4132 > [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 Yl...... ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 10 00 00 .... >[2012/02/20 14:52:42.841156, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/02/20 14:52:42.841273, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/02/20 14:52:42.841376, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/02/20 14:52:42.841477, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/02/20 14:52:42.841573, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x442b10 >[2012/02/20 14:52:42.841673, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-424f-aac0596c0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=4096 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00001000 (4096) >[2012/02/20 14:52:42.958376, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.958612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 42 4F AA C0 ....!... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.958842, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:frost >[2012/02/20 14:52:42.958953, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/02/20 14:52:42.959071, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/02/20 14:52:42.959166, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/02/20 14:52:42.959281, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/02/20 14:52:42.959421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.960031, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:42.960142, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.960239, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.960326, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:42.960413, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:42.960499, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:42.960788, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:42.960891, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/02/20 14:52:42.960998, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:42.961088, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:42.961176, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.961262, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:42.961449, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:42.961598, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.961701, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.961895, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.962315, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-424f-aac0596c0000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:42.963418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.963606, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:42.963700, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/02/20 14:52:42.963796, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.963892, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.963999, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.964086, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:42.964248, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:42.964381, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:42.964477, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.964571, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.964659, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.964748, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.964833, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.964983, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:42.965118, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.965210, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:42.965302, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.965396, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.965484, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.965575, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.965661, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.965889, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:42.966119, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.966225, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:42.966318, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.966412, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.966500, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.966593, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.966679, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:42.966849, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.966943, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:42.967045, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.967139, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.967229, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.967320, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.967405, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:42.967556, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.967647, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:42.967738, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.967832, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.967921, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.968020, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.968106, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.968255, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:42.968391, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.968481, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [frost] >[2012/02/20 14:52:42.968575, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:42.968669, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.968760, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.968849, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:42.968974, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.969124, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.969262, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:42.969357, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:42.969450, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.969641, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > result : WERR_OK >[2012/02/20 14:52:42.970114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/02/20 14:52:42.970817, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.971107, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) >[2012/02/20 14:52:42.971207, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.971348, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:42.971442, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:42.971534, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:42.971624, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:42.971714, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:42.971803, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 12 >[2012/02/20 14:52:42.971892, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:42.971991, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:42.972082, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:42.972171, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 12 >[2012/02/20 14:52:42.972281, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:42.972411, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:42.972504, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:42.972597, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.972747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x0000000d (13) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/02/20 14:52:42.973807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.974752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.974945, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.975101, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.976143, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.977223, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.977623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.977737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/02/20 14:52:42.978702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.979704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.979897, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.980025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/02/20 14:52:42.981467, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.982504, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.982701, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.982813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.983843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.984828, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.985043, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.985144, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/02/20 14:52:42.987735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.988698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.988889, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.988993, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(12) > [0] : 0x66 (102) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x6f (111) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > size : * > size : 0x0000000c (12) > length : * > length : 0x0000000c (12) > result : WERR_OK >[2012/02/20 14:52:42.990386, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.991653, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.991859, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.991960, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/02/20 14:52:42.994260, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.995270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.995493, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.995615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:42.996828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:42.998198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:42.998511, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:42.998624, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:43.011041, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:43.012078, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.012275, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.012375, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(12) > [0] : 0x66 (102) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x6f (111) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > size : * > size : 0x0000000c (12) > length : * > length : 0x0000000c (12) > result : WERR_OK >[2012/02/20 14:52:43.013928, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:43.015121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.015325, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.015431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:43.016463, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:43.017423, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.017613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.017710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:43.018753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/02/20 14:52:43.019734, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.020009, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.020179, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x3b (59) > [1] : 0x86 (134) > [2] : 0xbe (190) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/02/20 14:52:43.021433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:43.022340, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.022531, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.022623, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:43.022719, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/02/20 14:52:43.022806, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/02/20 14:52:43.023313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:43.023840, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/02/20 14:52:43.023933, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/02/20 14:52:43.024036, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/02/20 14:52:43.024123, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/02/20 14:52:43.024211, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.024296, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM] >[2012/02/20 14:52:43.024450, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/02/20 14:52:43.024581, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:43.024682, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.024873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-424f-abc0596c0000 > result : WERR_OK >[2012/02/20 14:52:43.025270, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-424f-abc0596c0000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/02/20 14:52:43.026363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.026559, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/02/20 14:52:43.026651, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/02/20 14:52:43.026744, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/02/20 14:52:43.026830, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/02/20 14:52:43.026917, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.027011, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE] >[2012/02/20 14:52:43.027160, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/02/20 14:52:43.027292, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/02/20 14:52:43.027387, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:43.027480, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:43.027566, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:43.027654, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.027738, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:43.027870, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/02/20 14:52:43.028035, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:43.028140, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/02/20 14:52:43.028233, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:43.028326, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:43.028413, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:43.028501, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.028586, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:43.028751, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/02/20 14:52:43.028883, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:43.028982, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/02/20 14:52:43.029076, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:43.029169, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:43.029257, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:43.029346, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.029432, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/02/20 14:52:43.029592, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:43.029683, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/02/20 14:52:43.029773, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:43.029867, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:43.029956, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:43.030084, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.030172, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb03a20 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/02/20 14:52:43.030320, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:43.030413, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/02/20 14:52:43.030507, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:43.030603, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:43.030691, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:43.030782, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.030867, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:43.031024, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/02/20 14:52:43.031163, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:43.031252, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [frost] >[2012/02/20 14:52:43.031343, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/02/20 14:52:43.031437, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.031529, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.031619, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/02/20 14:52:43.031732, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb037c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.031876, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.032053, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/02/20 14:52:43.032158, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/02/20 14:52:43.032252, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.032441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-424f-abc0596c0000 > result : WERR_OK >[2012/02/20 14:52:43.032847, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-424f-abc0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:43.033908, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.034188, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.034284, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:43.034374, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost' (ops 0xb037c0) >[2012/02/20 14:52:43.034469, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.034633, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Attributes], len: 4 >[2012/02/20 14:52:43.034729, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 2 >[2012/02/20 14:52:43.034818, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Datatype], len: 8 >[2012/02/20 14:52:43.034908, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Default Priority], len: 4 >[2012/02/20 14:52:43.035010, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Port], len: 38 >[2012/02/20 14:52:43.035139, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Name], len: 12 >[2012/02/20 14:52:43.035230, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Print Processor], len: 18 >[2012/02/20 14:52:43.035320, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Priority], len: 4 >[2012/02/20 14:52:43.035411, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 248 >[2012/02/20 14:52:43.035501, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Share Name], len: 12 >[2012/02/20 14:52:43.035591, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [StartTime], len: 4 >[2012/02/20 14:52:43.035681, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [UntilTime], len: 4 >[2012/02/20 14:52:43.035770, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ChangeID], len: 4 >[2012/02/20 14:52:43.035865, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/02/20 14:52:43.036408, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-424f-abc0596c0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/02/20 14:52:43.037278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.037469, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\frost] >[2012/02/20 14:52:43.037562, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/02/20 14:52:43.037655, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xd3 (211) > [101] : 0x42 (66) > [102] : 0x9f (159) > [103] : 0x90 (144) > [104] : 0x94 (148) > [105] : 0x5f (95) > [106] : 0x64 (100) > [107] : 0xfd (253) > [108] : 0xeb (235) > [109] : 0x17 (23) > [110] : 0x72 (114) > [111] : 0x3b (59) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xd3 (211) > [137] : 0x42 (66) > [138] : 0x9f (159) > [139] : 0x90 (144) > [140] : 0x94 (148) > [141] : 0x5f (95) > [142] : 0x64 (100) > [143] : 0xfd (253) > [144] : 0xeb (235) > [145] : 0x17 (23) > [146] : 0x72 (114) > [147] : 0x3b (59) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/02/20 14:52:43.049459, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-424f-abc0596c0000 >[2012/02/20 14:52:43.049801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.050001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 42 4F AB C0 ....)... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.050186, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:43.050281, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/02/20 14:52:43.050371, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:43.050741, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-424f-abc0596c0000 >[2012/02/20 14:52:43.051052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.051274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 42 4F AB C0 ....(... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.051460, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:43.051547, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/02/20 14:52:43.051636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:43.052017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:43.052320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.052501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 42 4F AA C0 ....'... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.052679, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:43.052773, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/02/20 14:52:43.052861, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:43.053235, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-424f-aac0596c0000 >[2012/02/20 14:52:43.053538, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.053726, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 42 4F AA C0 ....&... ....BO.. > [0010] 59 6C 00 00 Yl.. >[2012/02/20 14:52:43.053914, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/02/20 14:52:43.054008, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/02/20 14:52:43.054130, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/02/20 14:52:43.054584, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(7000, 1001) : sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:43.054695, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/02/20 14:52:43.054783, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/02/20 14:52:43.054869, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/02/20 14:52:43.054954, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/02/20 14:52:43.055284, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (7000, 1001) - sec_ctx_stack_ndx = 0 >[2012/02/20 14:52:43.055415, 4] printing/printing.c:1288(print_cache_expired) > print_cache_expired: cache expired for queue frost (last_qscan_time = 1329774490, time now = 1329774763, qcachetime = 30) >[2012/02/20 14:52:43.055552, 10] printing/printing.c:1815(print_queue_update) > print_queue_update: Sending message -> printer = frost, type = 8, lpq command = [frost] lprm command = [] >[2012/02/20 14:52:43.055709, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/02/20 14:52:43.055801, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_UPDATE (517) > dest: struct server_id > pid : 0x00000611 (1553) > vnn : 0xffffffff (4294967295) > unique_id : 0x0d94bc75dd341bb3 (978614233454615475) > src: struct server_id > pid : 0x00006c59 (27737) > vnn : 0xffffffff (4294967295) > unique_id : 0x0d94bc75dd341bb3 (978614233454615475) > buf : DATA_BLOB length=17 > [0000] 66 72 6F 73 74 00 08 00 00 00 66 72 6F 73 74 00 frost... ..frost. > [0010] 00 . >[2012/02/20 14:52:43.056898, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\EARTH' > printername : * > printername : '\\EARTH\frost' > sharename : * > sharename : 'frost' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : '' > comment : * > comment : 'HP LaserJet 5m in Computer Room' > location : * > location : 'Computer Room' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\EARTH\frost' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) >