The Samba-Bugzilla – Attachment 7637 Details for Bug 8992: smbd crashes repeatedly at most of incoming requests
gdb backtrace, log with log level 10 and config
123.txt (text/plain), 350.94 KB, created by amigo.elite on 2012-06-12 00:07:27 UTC
>(gdb) bt
>#0 0x00007f6b199663be in __libc_waitpid (pid=<optimized out>, stat_loc=0x7fff862943b0, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:32
>#1 0x00007f6b198eb10e in do_system (line=0x7f6b1f6a50c0 "/bin/sleep 999999") at ../sysdeps/posix/system.c:149
>#2 0x00007f6b1d19f62c in smb_panic (why=<optimized out>) at lib/util.c:1123
>#3 0x00007f6b1d190898 in fault_report (sig=11) at lib/fault.c:53
>#4 sig_fault (sig=11) at lib/fault.c:76
>#5 <signal handler called>
>#6 copy_serverinfo (mem_ctx=<optimized out>, src=0x0) at auth/auth_util.c:856
>#7 0x00007f6b1d1f44d0 in make_server_info_guest (mem_ctx=<optimized out>, server_info=0x7fff86294938) at auth/auth_util.c:934
>#8 0x00007f6b1cebc29d in do_map_to_guest (status=..., server_info=0x7fff86294938, user=0x7f6b1f68ee60 "AmiGO", domain=0x7f6b1f67a6f0 "PANDORABOX") at smbd/sesssetup.c:64
>#9 0x00007f6b1cebc584 in reply_spnego_ntlmssp (req=0x7f6b1f6a4260, vuid=100, auth_ntlmssp_state=0x7f6b1f67f0f0, ntlmssp_blob=0x7fff86294a70, nt_status=..., OID=0x0, wrap=true)
>    at smbd/sesssetup.c:493
>#10 0x00007f6b1cebe197 in reply_spnego_auth (auth_ntlmssp_state=<optimized out>, blob1=..., vuid=<optimized out>, req=0x7f6b1f6a4260) at smbd/sesssetup.c:806
>#11 reply_sesssetup_and_X_spnego (req=0x7f6b1f6a4260) at smbd/sesssetup.c:1192
>#12 reply_sesssetup_and_X (req=0x7f6b1f6a4260) at smbd/sesssetup.c:1354
>#13 0x00007f6b1cef7374 in switch_message (type=115 's', req=0x7f6b1f6a4260, size=492) at smbd/process.c:1574
>#14 0x00007f6b1cef778b in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=<optimized out>, unread_bytes=0, size=492, inbuf=0x0, sconn=0x7f6b1f6725c0) at smbd/process.c:1610
>#15 process_smb (sconn=0x7f6b1f6725c0, inbuf=<optimized out>, nread=492, unread_bytes=0, seqnum=<optimized out>, encrypted=false, deferred_pcd=0x0) at smbd/process.c:1688
>#16 0x00007f6b1cef7ba3 in smbd_server_connection_read_handler (conn=0x7f6b1f6725c0, fd=26) at smbd/process.c:2317
>#17 0x00007f6b1d1af32e in run_events_poll (num_pfds=2, pfds=0x7f6b1f67ef30, pollrtn=<optimized out>, ev=0x7f6b1f672500) at lib/events.c:286
>#18 run_events_poll (ev=0x7f6b1f672500, pollrtn=<optimized out>, pfds=0x7f6b1f67ef30, num_pfds=2) at lib/events.c:184
>#19 0x00007f6b1cef933a in smbd_server_connection_loop_once (conn=0x7f6b1f6725c0) at smbd/process.c:1017
>#20 smbd_process (sconn=0x7f6b1f6725c0) at smbd/process.c:3158
>#21 0x00007f6b1d40d2cf in smbd_accept_connection (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at smbd/server.c:511
>#22 0x00007f6b1d1af32e in run_events_poll (num_pfds=5, pfds=0x7f6b1f690db0, pollrtn=<optimized out>, ev=0x7f6b1f672500) at lib/events.c:286
>#23 run_events_poll (ev=0x7f6b1f672500, pollrtn=<optimized out>, pfds=0x7f6b1f690db0, num_pfds=5) at lib/events.c:184
>#24 0x00007f6b1d1af4ca in s3_event_loop_once (ev=0x7f6b1f672500, location=<optimized out>) at lib/events.c:349
>#25 0x00007f6b1d1b0050 in _tevent_loop_once (ev=0x7f6b1f672500, location=0x7f6b1d614c57 "smbd/server.c:844") at ../lib/tevent/tevent.c:494
>#26 0x00007f6b1ce775d6 in smbd_parent_loop (parent=<optimized out>) at smbd/server.c:844
>#27 main (argc=<optimized out>, argv=<optimized out>) at smbd/server.c:1326
>
># cat /etc/samba/smb.conf | sed ':a;N;$!ba;s/[#;]\+[^\n]*\n//g'
>
>[global]
>
>    workgroup = LNETW
>    server string = Samba Server Version %v
>
>    netbios name = LSS
>
>    interfaces = p16p1
>    bind interfaces only = yes
>    hosts allow = 192.168.54.1 192.168.54.2 127.
>
>    security = user
>    passdb backend = tdbsam
>
>    load printers = no
>
>guest ok = yes
>guest account = AmiGO
>username map = /etc/samba/smbusers
>Map to guest = Bad User
>
>socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=1048576 SO_RCVBUF=1048576
>getwd cache = yes
>oplocks = yes
>max xmit = 65535
>getwd cache = yes
>
>create mask = 0644
>
>[home]
>    path = /home
>    browseable = yes
>    writeable = yes
>
>[ter1]
>    path = /mnt/ter1
>    browseable = yes
>    writeable = yes
>
>[ter2]
>    path = /mnt/ter2
>    browseable = yes
>    writeable = yes
>    map hidden = yes
>
>[111]
>    path = /mnt/111
>    browseable = yes
>    writeable = yes
>
>[222]
>    path = /mnt/222
>    browseable = yes
>    writeable = yes
>
>[l]
>    path = /mnt/ter2/music
>    browseable = no
>    writeable = yes
>
>[int]
>    path = /mnt/int
>    browseable = yes
>    writeable = yes
>
>[var]
>    path = /var/
>    browseable = no
>    writeable = yes
>
>[2012/06/12 03:29:53, 0] smbd/server.c:1051(main)
>  smbd version 3.6.5-85.fc16 started.
>[2012/06/12 03:29:53.053928, 10] passdb/lookup_sid.c:1527(sid_to_uid) > sid S-1-22-1-0 -> uid 0 >[2012/06/12 03:29:53.054077, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [root] >[2012/06/12 03:29:53.055079, 10] auth/token_util.c:339(create_local_nt_token) > Create local NT token for S-1-22-1-0 >[2012/06/12 03:29:53.055266, 10] passdb/lookup_sid.c:1611(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2012/06/12 03:29:53.055373, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.055470, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.055566, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.055662, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.055757, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.055923, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.056019, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/06/12 03:29:53.056115, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.056264, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.056365, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.056460, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.056555, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.056700, 3] auth/token_util.c:438(finalize_local_nt_token) > Failed to fetch 
domain sid for LNETW >[2012/06/12 03:29:53.056890, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.057038, 10] passdb/lookup_sid.c:1611(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2012/06/12 03:29:53.057139, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.057307, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.057411, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.057508, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.057604, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.057773, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.057869, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2012/06/12 03:29:53.057966, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.058061, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.058156, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.058327, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.058422, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.058571, 3] auth/token_util.c:469(finalize_local_nt_token) > Failed to fetch domain sid for LNETW >[2012/06/12 03:29:53.058669, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.058787, 4] 
smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.058882, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.058977, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.059136, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.059258, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.059465, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.059734, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-1-0] >[2012/06/12 03:29:53.059845, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2012/06/12 03:29:53.059946, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-1] >[2012/06/12 03:29:53.060047, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-2] >[2012/06/12 03:29:53.060161, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-3] >[2012/06/12 03:29:53.060319, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-4] >[2012/06/12 03:29:53.060443, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-6] >[2012/06/12 03:29:53.060545, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-10] >[2012/06/12 03:29:53.060662, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/06/12 03:29:53.060805, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] 
>[2012/06/12 03:29:53.060907, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2012/06/12 03:29:53.061087, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) > wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE >[2012/06/12 03:29:53.061342, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.061441, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.061542, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.061639, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.061735, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.061884, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.061981, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-1-0 >[2012/06/12 03:29:53.062078, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-1-0 >[2012/06/12 03:29:53.062177, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.062319, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.062414, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.062509, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.062603, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.062769, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.062865, 10] 
passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2012/06/12 03:29:53.062961, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2012/06/12 03:29:53.063057, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.063162, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.063312, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.063408, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.063502, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.063650, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.063746, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-11 >[2012/06/12 03:29:53.063842, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-11 >[2012/06/12 03:29:53.063940, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2012/06/12 03:29:53.064036, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2012/06/12 03:29:53.064132, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-11 to gid, ignoring it >[2012/06/12 03:29:53.064260, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (11): > SID[ 0]: S-1-22-1-0 > SID[ 1]: S-1-22-2-0 > SID[ 2]: S-1-22-2-1 > SID[ 3]: S-1-22-2-2 > SID[ 4]: S-1-22-2-3 > SID[ 5]: S-1-22-2-4 > SID[ 6]: S-1-22-2-6 > SID[ 7]: S-1-22-2-10 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > Privileges (0x 0): > Rights (0x 0): >[2012/06/12 03:29:53.064964, 10] 
auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 7 supplementary groups > Group[ 0]: 0 > Group[ 1]: 1 > Group[ 2]: 2 > Group[ 3]: 3 > Group[ 4]: 4 > Group[ 5]: 6 > Group[ 6]: 10 >[2012/06/12 03:29:53.065455, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user AmiGO >[2012/06/12 03:29:53.065553, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is amigo >[2012/06/12 03:29:53.065710, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is AmiGO >[2012/06/12 03:29:53.065867, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [AmiGO]! >[2012/06/12 03:29:53.066061, 4] auth/user_util.c:361(map_username) > Scanning username map /etc/samba/smbusers >[2012/06/12 03:29:53.066273, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user LSS\amigo in list >[2012/06/12 03:29:53.066382, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |LSS\amigo| against |administrator| >[2012/06/12 03:29:53.066479, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |LSS\amigo| against |admin| >[2012/06/12 03:29:53.066597, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user LSS\amigo in list >[2012/06/12 03:29:53.066693, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |LSS\amigo| against |guest| >[2012/06/12 03:29:53.066788, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |LSS\amigo| against |pcguest| >[2012/06/12 03:29:53.066883, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |LSS\amigo| against |smbguest| >[2012/06/12 03:29:53.067014, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user LSS\amigo >[2012/06/12 03:29:53.067110, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is lss\amigo >[2012/06/12 03:29:53.067271, 5] lib/username.c:124(Get_Pwnam_internals) > Trying 
_Get_Pwnam(), username as given is LSS\amigo >[2012/06/12 03:29:53.067436, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is LSS\AMIGO >[2012/06/12 03:29:53.067585, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in lss\amigo >[2012/06/12 03:29:53.067681, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [LSS\amigo]! >[2012/06/12 03:29:53.067777, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user amigo >[2012/06/12 03:29:53.067871, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is amigo >[2012/06/12 03:29:53.068021, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is AMIGO >[2012/06/12 03:29:53.068171, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in amigo >[2012/06/12 03:29:53.068311, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [amigo]! >[2012/06/12 03:29:53.068434, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user amigo >[2012/06/12 03:29:53.068529, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is amigo >[2012/06/12 03:29:53.068679, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is AMIGO >[2012/06/12 03:29:53.068829, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in amigo >[2012/06/12 03:29:53.068925, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [amigo]! >[2012/06/12 03:29:53.069020, 3] auth/auth_util.c:1028(check_account) > Failed to find authenticated user LSS\amigo via getpwnam(), denying access. >[2012/06/12 03:29:53.069273, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) > Initialise the svcctl registry keys if needed. 
>[2012/06/12 03:29:53.069401, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.069497, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.069592, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:53.069687, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:53.069782, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:53.069973, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:53.070073, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/06/12 03:29:53.071063, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/06/12 03:29:53.071286, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/06/12 03:29:53.071392, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/06/12 03:29:53.071525, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/06/12 03:29:53.071823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/12 03:29:53.072741, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/06/12 03:29:53.072889, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: 
incrementing refcount (1->2) >[2012/06/12 03:29:53.073060, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/06/12 03:29:53.073275, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/06/12 03:29:53.073431, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.073590, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM] >[2012/06/12 03:29:53.073916, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.074391, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > result : WERR_OK >[2012/06/12 03:29:53.075581, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2012/06/12 03:29:53.075745, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > keyname: struct winreg_String > name_len : 0x0044 (68) > name_size : 0x0044 (68) > name : * > name : 'SYSTEM\CurrentControlSet\Services' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/12 03:29:53.077924, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found 
policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.078164, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.078357, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/12 03:29:53.078483, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.078605, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.078728, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.078846, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.079043, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.079174, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.079354, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.079477, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.079594, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.079717, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.079843, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.079969, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.080091, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) 
>[2012/06/12 03:29:53.080250, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.080378, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.080510, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.080636, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.080792, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.080911, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.081120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > result : WERR_OK >[2012/06/12 03:29:53.081662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/06/12 03:29:53.082436, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.082656, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.082764, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.082910, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.083099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000007 (7) > max_subkeylen : * > max_subkeylen : 0x0000001c (28) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.085638, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.087634, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F 
........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.087932, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.088096, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001a (26) > size : 0x001e (30) > name : * > name : 'LanmanServer' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.089561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.091423, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.091693, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.091962, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Eventlog' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.093496, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.096106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.096363, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.096593, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000c (12) > size : 0x001e (30) > name : * > name : 'Tcpip' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.098164, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.099489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.099646, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.099789, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Netlogon' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.101539, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.102584, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.102758, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.102870, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0010 (16) > size : 0x001e (30) > name : * > name : 'Spooler' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.103789, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.104851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.105008, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.105121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001e (30) > size : 0x001e (30) > name : * > name : 'RemoteRegistry' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.105985, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/12 03:29:53.107115, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.107316, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.107448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000a (10) > size : 0x001e (30) > name : * > name : 'WINS' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.108370, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0054 (84) > name_size : 0x0054 (84) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/12 03:29:53.109930, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.110099, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' >[2012/06/12 03:29:53.110198, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.110317, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.110430, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.110526, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.110622, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.110717, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.110821, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.110931, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.111030, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.111127, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.111266, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.111376, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.111482, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.111579, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.111676, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.111778, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.111875, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.111972, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.112068, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.112181, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.112300, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2012/06/12 03:29:53.112399, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.112499, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.112595, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.112693, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.112788, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.112913, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.113010, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.113165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.113795, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.114734, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.114889, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] >[2012/06/12 03:29:53.114986, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.115089, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.115194, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/12 03:29:53.115338, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/12 03:29:53.115436, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/12 03:29:53.115533, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/12 03:29:53.115630, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 28 >[2012/06/12 03:29:53.115728, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 58 >[2012/06/12 03:29:53.115825, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 106 >[2012/06/12 03:29:53.115921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.116133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 
0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.117046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.117252, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] >[2012/06/12 03:29:53.117355, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.117549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.119087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.119819, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] >[2012/06/12 03:29:53.119967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.120371, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/06/12 03:29:53.122517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.122701, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] >[2012/06/12 03:29:53.122822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.123081, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(28) > [0] : 0x50 (80) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x53 (83) > [13] : 0x00 (0) > [14] : 0x70 (112) > [15] : 0x00 (0) > [16] : 0x6f (111) > [17] : 0x00 (0) > [18] : 0x6f (111) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > size : 0x0000001c (28) >[2012/06/12 03:29:53.125477, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.125646, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] >[2012/06/12 03:29:53.125751, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.126004, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2012/06/12 03:29:53.129877, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found 
policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.130038, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] >[2012/06/12 03:29:53.130136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.130400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(106) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x66 (102) > [35] : 0x00 (0) > [36] : 0x6f (111) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x20 (32) > [41] : 0x00 (0) > [42] : 0x73 (115) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x6f (111) > [47] : 0x00 (0) > [48] : 0x6f (111) > [49] : 0x00 (0) > [50] : 0x6c (108) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x6e (110) > [55] : 0x00 (0) > [56] : 0x67 (103) > [57] : 0x00 (0) > 
[58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x66 (102) > [61] : 0x00 (0) > [62] : 0x69 (105) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x65 (101) > [67] : 0x00 (0) > [68] : 0x73 (115) > [69] : 0x00 (0) > [70] : 0x20 (32) > [71] : 0x00 (0) > [72] : 0x74 (116) > [73] : 0x00 (0) > [74] : 0x6f (111) > [75] : 0x00 (0) > [76] : 0x20 (32) > [77] : 0x00 (0) > [78] : 0x70 (112) > [79] : 0x00 (0) > [80] : 0x72 (114) > [81] : 0x00 (0) > [82] : 0x69 (105) > [83] : 0x00 (0) > [84] : 0x6e (110) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x64 (100) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x76 (118) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x73 (115) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > size : 0x0000006a (106) >[2012/06/12 03:29:53.137028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.137198, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] >[2012/06/12 03:29:53.137299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.137517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.137841, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.137997, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.138153, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.138291, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.138389, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.138778, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0066 (102) > name_size : 0x0066 (102) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/12 03:29:53.140360, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.140518, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' >[2012/06/12 03:29:53.140618, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.140716, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.140815, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.140911, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.141010, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.141105, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.141253, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.141357, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.141456, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.141565, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.141699, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.141795, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.141903, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.142003, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 
03:29:53.142099, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.142254, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.142357, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.142455, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.142550, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.142664, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.142764, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2012/06/12 03:29:53.142861, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.142972, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.143068, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.143165, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.143297, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/12 03:29:53.143417, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.143515, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/12 03:29:53.143611, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) 
>[2012/06/12 03:29:53.143710, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/12 03:29:53.143807, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/12 03:29:53.143904, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.144000, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/12 03:29:53.144104, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/12 03:29:53.144202, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.144328, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.144488, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.145029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) 
> [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/06/12 03:29:53.152215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.152419, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] >[2012/06/12 03:29:53.152518, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.152616, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/12 03:29:53.152722, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/12 03:29:53.152833, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.153028, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.153383, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.153540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.153695, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.153791, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.153888, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.154254, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/12 03:29:53.155834, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.155990, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' >[2012/06/12 03:29:53.156089, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.156198, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.156316, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.156413, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.156510, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.156613, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.156724, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.156822, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.156921, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.157017, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.157127, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.157244, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.157357, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.157456, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.157553, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.157652, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.157747, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.157843, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.157939, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.158051, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.158152, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2012/06/12 03:29:53.158253, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.158358, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.158454, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.158564, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.158660, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.158799, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.158897, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.159083, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.159599, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.160560, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.160717, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] >[2012/06/12 03:29:53.160824, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.160926, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.161032, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/12 03:29:53.161131, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/12 03:29:53.161253, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/12 03:29:53.161369, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/12 03:29:53.161467, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/12 03:29:53.161565, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 58 >[2012/06/12 03:29:53.161664, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 164 >[2012/06/12 03:29:53.161762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.161990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 
0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.162920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.163076, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] >[2012/06/12 03:29:53.163174, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.163395, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.164365, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.164522, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] >[2012/06/12 03:29:53.164620, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.164834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > size : 0x00000018 (24) >[2012/06/12 03:29:53.166797, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.166953, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] >[2012/06/12 03:29:53.167051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.168058, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(20) > size : 0x00000014 (20) >[2012/06/12 03:29:53.169702, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.169871, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] >[2012/06/12 03:29:53.169969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.170165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > size : 0x0000003a (58) >[2012/06/12 03:29:53.173648, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found 
policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.173821, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] >[2012/06/12 03:29:53.173920, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.174116, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(164)
> size : 0x000000a4 (164) >[2012/06/12 03:29:53.182709, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.182894, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] >[2012/06/12 03:29:53.182992, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.183244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.183588, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.183744, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.183900, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.183996, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.184093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.184505, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0068 (104) > name_size : 0x0068 (104) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/12 03:29:53.186073, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.186244, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' >[2012/06/12 03:29:53.186349, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.186446, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.186544, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.186640, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.186749, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.186845, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.186951, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.187049, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.187148, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.187245, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.187347, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.187442, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.187549, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.187647, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 
03:29:53.187756, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.187854, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.187949, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.188044, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.188138, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.188269, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.188374, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2012/06/12 03:29:53.188471, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.188570, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.188666, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.188763, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.188858, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/12 03:29:53.188967, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.189066, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/12 03:29:53.189178, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) 
>[2012/06/12 03:29:53.190085, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/12 03:29:53.190182, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/12 03:29:53.190299, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.190395, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/12 03:29:53.190500, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/12 03:29:53.190598, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.190696, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.190866, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.191365, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120)
> size : 0x00000078 (120) >[2012/06/12 03:29:53.197832, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.197991, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] >[2012/06/12 03:29:53.198103, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.198201, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/12 03:29:53.198309, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/12 03:29:53.198406, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.198601, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.198920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.199089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.199252, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.199354, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.199449, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.199838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0062 (98) > name_size : 0x0062 (98) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/12 03:29:53.201434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.201591, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' >[2012/06/12 03:29:53.201690, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.201787, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.201886, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.201995, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.202092, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.202187, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.202307, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.202418, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.202517, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.202613, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.202711, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.202806, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.202926, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.203030, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.203127, 
10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.203253, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.203355, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.203453, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.203548, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.203681, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.203781, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2012/06/12 03:29:53.203879, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.203978, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.204074, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.204171, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.204326, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.204434, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.204533, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.204688, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.205165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.206098, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.206245, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] >[2012/06/12 03:29:53.206354, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.206451, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.206557, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/12 03:29:53.206655, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/12 03:29:53.206773, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/12 03:29:53.206871, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/12 03:29:53.206969, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 48 >[2012/06/12 03:29:53.207067, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 58 >[2012/06/12 03:29:53.207166, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 126 >[2012/06/12 03:29:53.207314, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.207511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: 
ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.208448, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.208639, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] >[2012/06/12 03:29:53.208779, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.208976, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.209918, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.210074, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] >[2012/06/12 03:29:53.210193, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.211190, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > size : 0x00000018 (24) >[2012/06/12 03:29:53.213121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.213304, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] >[2012/06/12 03:29:53.213404, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.213602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(48) > size : 0x00000030 (48) >[2012/06/12 03:29:53.216669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.216827, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] >[2012/06/12 03:29:53.216926, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.217155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > size : 0x0000003a (58) >[2012/06/12 03:29:53.220586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.220744, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] >[2012/06/12 03:29:53.220842, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.221057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(126) > size : 0x0000007e (126) >[2012/06/12 03:29:53.227749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.227911, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] >[2012/06/12 03:29:53.228012, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.228281, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.228714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.228870, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.229025, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.229122, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.230055, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.230471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0074 (116) > name_size : 0x0074 (116) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/12 03:29:53.232069, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.232269, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' >[2012/06/12 03:29:53.232374, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.232470, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.232568, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.232662, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.232758, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.232868, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.232976, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.233074, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.233172, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.233297, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.233397, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.233492, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.233600, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.233698, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 
03:29:53.233811, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.233909, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.234006, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.234102, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.234198, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.234315, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.234415, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2012/06/12 03:29:53.234517, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.234617, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.234726, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.234823, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.234918, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/12 03:29:53.235025, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.235122, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/12 03:29:53.235253, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: 
incrementing refcount (4->5) >[2012/06/12 03:29:53.235358, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/12 03:29:53.235455, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/12 03:29:53.235552, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.235659, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/12 03:29:53.235768, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/12 03:29:53.235867, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.235964, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.236120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.236657, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > size : 0x00000078 (120) >[2012/06/12 03:29:53.243063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.243244, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] >[2012/06/12 03:29:53.243348, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.243445, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/12 03:29:53.243552, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/12 03:29:53.243650, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.243842, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.244173, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.244363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.244519, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.244615, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.244712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.245124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x004e (78) > name_size : 0x004e (78) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/12 03:29:53.246704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.246863, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' >[2012/06/12 03:29:53.246961, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.247058, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.247156, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.247246, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.247349, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.247472, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.247578, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.247676, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.247795, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.247891, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.247988, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.248084, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.248191, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.248339, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.248436, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.248534, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.248630, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.248728, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.248823, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.248957, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.249076, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2012/06/12 03:29:53.249173, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.249301, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.249397, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.249494, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.249589, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.249701, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.249800, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.249955, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.250442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.252138, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.252323, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] >[2012/06/12 03:29:53.252421, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.252518, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.252623, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/12 03:29:53.252721, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/12 03:29:53.252819, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/12 03:29:53.252916, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/12 03:29:53.253013, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 74 >[2012/06/12 03:29:53.253112, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 58 >[2012/06/12 03:29:53.253244, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 178 >[2012/06/12 03:29:53.253360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.253556, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > 
[1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.254475, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.254631, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] >[2012/06/12 03:29:53.254856, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.255060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/12 03:29:53.255980, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.256278, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] >[2012/06/12 03:29:53.256381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.256576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/06/12 03:29:53.258435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.258590, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] >[2012/06/12 03:29:53.258699, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.258899, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(74) > [0] : 0x57 (87) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x64 (100) > [7] : 0x00 (0) > [8] : 0x6f (111) > [9] : 0x00 (0) > [10] : 0x77 (119) > [11] : 0x00 (0) > [12] : 0x73 (115) > [13] : 0x00 (0) > [14] : 0x20 (32) > [15] : 0x00 (0) > [16] : 0x49 (73) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x6e (110) > [27] : 0x00 (0) > [28] : 0x65 (101) > [29] : 0x00 (0) > [30] : 0x74 (116) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x4e (78) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x6d (109) > [39] : 0x00 (0) > [40] : 0x65 (101) > [41] : 0x00 (0) > [42] : 0x20 (32) > [43] : 0x00 (0) > [44] : 0x53 (83) > [45] : 0x00 (0) > [46] : 0x65 (101) > [47] : 0x00 (0) > [48] : 0x72 (114) > [49] : 0x00 (0) > [50] : 0x76 (118) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x63 (99) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x28 (40) > [61] : 0x00 (0) > [62] : 0x57 (87) > [63] : 0x00 (0) > [64] : 
0x49 (73) > [65] : 0x00 (0) > [66] : 0x4e (78) > [67] : 0x00 (0) > [68] : 0x53 (83) > [69] : 0x00 (0) > [70] : 0x29 (41) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > size : 0x0000004a (74) >[2012/06/12 03:29:53.263163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.263345, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] >[2012/06/12 03:29:53.263456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.263654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 
(116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2012/06/12 03:29:53.267065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.267354, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] >[2012/06/12 03:29:53.267453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.267651, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(178) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 
0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x61 (97) > [55] : 0x00 (0) > [56] : 0x20 (32) > [57] : 0x00 (0) > [58] : 0x4e (78) > [59] : 0x00 (0) > [60] : 0x65 (101) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x42 (66) > [65] : 0x00 (0) > [66] : 0x49 (73) > [67] : 0x00 (0) > [68] : 0x4f (79) > [69] : 0x00 (0) > [70] : 0x53 (83) > [71] : 0x00 (0) > [72] : 0x20 (32) > [73] : 0x00 (0) > [74] : 0x70 (112) > [75] : 0x00 (0) > [76] : 0x6f (111) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x6e (110) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2d (45) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x6f (111) > [89] : 0x00 (0) > [90] : 0x2d (45) > [91] : 0x00 (0) > [92] : 0x70 (112) > [93] : 0x00 (0) > [94] : 0x6f (111) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6e (110) > [99] : 0x00 (0) > [100] : 0x74 (116) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x6e (110) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x6d (109) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x73 (115) > [115] : 0x00 (0) > [116] : 0x65 (101) > [117] : 0x00 (0) > [118] : 0x72 (114) > [119] : 0x00 (0) > [120] : 0x76 (118) > [121] : 0x00 (0) > [122] : 0x65 (101) > [123] : 0x00 (0) > [124] : 0x72 (114) > [125] : 0x00 (0) > [126] : 0x28 (40) > [127] : 0x00 (0) > [128] : 0x6e (110) > [129] : 0x00 (0) > [130] : 0x6f (111) > [131] : 0x00 (0) > [132] : 0x74 (116) > [133] : 0x00 (0) > [134] : 0x20 (32) > [135] : 0x00 (0) > [136] : 0x72 (114) > [137] : 0x00 (0) > [138] : 0x65 (101) > [139] : 0x00 (0) > [140] 
: 0x6d (109) > [141] : 0x00 (0) > [142] : 0x6f (111) > [143] : 0x00 (0) > [144] : 0x74 (116) > [145] : 0x00 (0) > [146] : 0x65 (101) > [147] : 0x00 (0) > [148] : 0x6c (108) > [149] : 0x00 (0) > [150] : 0x79 (121) > [151] : 0x00 (0) > [152] : 0x20 (32) > [153] : 0x00 (0) > [154] : 0x6d (109) > [155] : 0x00 (0) > [156] : 0x61 (97) > [157] : 0x00 (0) > [158] : 0x6e (110) > [159] : 0x00 (0) > [160] : 0x61 (97) > [161] : 0x00 (0) > [162] : 0x67 (103) > [163] : 0x00 (0) > [164] : 0x65 (101) > [165] : 0x00 (0) > [166] : 0x61 (97) > [167] : 0x00 (0) > [168] : 0x62 (98) > [169] : 0x00 (0) > [170] : 0x6c (108) > [171] : 0x00 (0) > [172] : 0x65 (101) > [173] : 0x00 (0) > [174] : 0x29 (41) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > size : 0x000000b2 (178) >[2012/06/12 03:29:53.277660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.277817, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] >[2012/06/12 03:29:53.277914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.278120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.278474, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.278635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.278795, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.278892, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.278988, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.279400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0060 (96) > name_size : 0x0060 (96) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/12 03:29:53.280948, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.281106, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' >[2012/06/12 03:29:53.281204, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.281297, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.281412, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.281506, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.281602, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.281695, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.281801, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.281910, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.282008, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.282128, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.282244, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.282357, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.282468, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.282566, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.282663, 
10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.282761, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.282870, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.282966, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.283061, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.283173, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.283299, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2012/06/12 03:29:53.283397, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.283495, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.283591, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.283687, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.283791, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/12 03:29:53.283900, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.283998, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/12 03:29:53.284094, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/12 03:29:53.284193, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/12 03:29:53.284320, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/12 03:29:53.284417, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.284512, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/12 03:29:53.284615, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/12 03:29:53.284713, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/12 03:29:53.284810, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.284966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-d64f-717fcd250000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/12 03:29:53.285476, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-d64f-717fcd250000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) 
> [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/06/12 03:29:53.292879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.293042, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] >[2012/06/12 03:29:53.293139, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.293301, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/12 03:29:53.293408, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/12 03:29:53.293506, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/12 03:29:53.293713, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.294034, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.294196, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.294345, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.294440, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.294535, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.294907, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.295259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.295421, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.295576, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.295681, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/12 03:29:53.295778, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.296191, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/06/12 03:29:53.296439, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) > Initialise the eventlog registry keys if needed. 
>[2012/06/12 03:29:53.296545, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/06/12 03:29:53.296646, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg >[2012/06/12 03:29:53.296749, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/06/12 03:29:53.296852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/12 03:29:53.297473, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/06/12 03:29:53.297584, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/06/12 03:29:53.297682, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/06/12 03:29:53.297778, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/06/12 03:29:53.297874, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.297968, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM] >[2012/06/12 03:29:53.298090, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.298253, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-d64f-717fcd250000 > result : WERR_OK >[2012/06/12 03:29:53.298644, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-d64f-717fcd250000 > keyname: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Eventlog' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/12 03:29:53.299830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.299987, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/12 03:29:53.300084, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/12 03:29:53.300182, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/12 03:29:53.300314, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/12 03:29:53.300412, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.300603, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] >[2012/06/12 03:29:53.300711, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/12 03:29:53.300809, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.300975, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.301069, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.301164, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.301297, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/12 03:29:53.301407, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.301504, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/12 03:29:53.301600, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.301698, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for 
keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.301794, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.301902, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.301998, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/12 03:29:53.302112, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.302244, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Eventlog] >[2012/06/12 03:29:53.302346, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/12 03:29:53.302450, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/12 03:29:53.302546, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/12 03:29:53.302642, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/12 03:29:53.302737, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/12 03:29:53.302844, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/12 03:29:53.302958, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.303119, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-d64f-717fcd250000 > result : WERR_OK >[2012/06/12 03:29:53.303531, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-d64f-717fcd250000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/06/12 03:29:53.304086, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.304269, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7ffa8896c300) >[2012/06/12 03:29:53.304384, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/12 03:29:53.304490, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/12 03:29:53.304587, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/12 03:29:53.304684, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/12 03:29:53.304804, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > 
num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000002 (2) > max_valnamelen : * > max_valnamelen : 0x0000001a (26) > max_valbufsize : * > max_valbufsize : 0x00000014 (20) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/12 03:29:53.305921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-d64f-717fcd250000 >[2012/06/12 03:29:53.306310, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. >[2012/06/12 03:29:53.306468, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. > [0010] CD 25 00 00 .%.. 
>[2012/06/12 03:29:53.306623, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/12 03:29:53.306743, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/12 03:29:53.306840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/12 03:29:53.308157, 3] printing/pcap.c:138(pcap_cache_reload) > reloading printcap cache >[2012/06/12 03:29:53.308381, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/06/12 03:29:53.308503, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7ffa896c3d70 >[2012/06/12 03:29:53.308823, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/06/12 03:29:53.308956, 5] printing/print_cups.c:408(cups_pcap_load_async) > cups_pcap_load_async: asynchronously loading cups printers >[2012/06/12 03:29:53.310951, 10] printing/print_cups.c:425(cups_pcap_load_async) > cups_pcap_load_async: child pid = 9678 >[2012/06/12 03:29:53.312070, 10] printing/print_cups.c:545(cups_cache_reload) > cups_cache_reload: async read on fd 26 >[2012/06/12 03:29:53.312937, 3] printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2012/06/12 03:29:53.313278, 3] printing/printing.c:1644(start_background_queue) > start_background_queue: Starting background LPQ thread >[2012/06/12 03:29:53.316323, 5] printing/print_cups.c:277(cups_cache_reload_async) > reloading cups printcap cache >[2012/06/12 03:29:53.317402, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2012/06/12 03:29:53.317831, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > 
TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 65536 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.319580, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 2097152 > SO_RCVBUF = 2097152 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.320585, 10] printing/print_cups.c:89(cups_connect) > connecting to cups server localhost:631 >[2012/06/12 03:29:53.320669, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2012/06/12 03:29:53.320802, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 65536 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.321803, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 2097152 > SO_RCVBUF = 2097152 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.324127, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2012/06/12 03:29:53.324370, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT 
= 0 > SO_SNDBUF = 65536 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.325433, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 >[2012/06/12 03:29:53.324049, 5] printing/printing.c:1667(start_background_queue) > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > start_background_queue: background LPQ thread started > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 2097152 > SO_RCVBUF = 2097152 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.326690, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2012/06/12 03:29:53.326854, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 65536 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.328352, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 >[2012/06/12 03:29:53.328804, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > IPTOS_LOWDELAY = 16 > Locking key CF250000FFFFFFFF > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 2097152 > SO_RCVBUF = 2097152 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:53.329719, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key CD250000FFFFFFFF >[2012/06/12 03:29:53.330085, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7ffa896bc6b0 >[2012/06/12 03:29:53.330333, 10] 
lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key CD250000FFFFFFFF >[2012/06/12 03:29:53.330530, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(parent_housekeeping) 0x7ffa896bc830 >[2012/06/12 03:29:53.330756, 5] lib/messages.c:300(messaging_register) > Overriding messaging pointer for type 1 - private_data=(nil) >[2012/06/12 03:29:53.331536, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/06/12 03:29:53.331665, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/06/12 03:29:53.331976, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/06/12 03:29:53.332204, 2] smbd/server.c:839(smbd_parent_loop) > waiting for connections >[2012/06/12 03:29:53.332585, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7ffa896beb10 >[2012/06/12 03:29:53.332775, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key CF250000FFFFFFFF >[2012/06/12 03:29:53.332955, 5] printing/printing.c:1703(start_background_queue) > start_background_queue: background LPQ thread waiting for messages >[2012/06/12 03:29:53.336108, 0] printing/print_cups.c:110(cups_connect) > Unable to connect to CUPS server localhost:631 - В соединении отказано >[2012/06/12 03:29:53.337097, 5] printing/print_cups.c:471(cups_async_callback) > cups_async_callback: callback received for printer data. 
fd = 26 >[2012/06/12 03:29:53.337390, 10] printing/print_cups.c:130(send_pcap_blob) > successfully sent blob of len 12 >[2012/06/12 03:29:53.337444, 10] printing/print_cups.c:155(recv_pcap_blob) > successfully recvd blob of len 12 >[2012/06/12 03:29:53.337568, 0] printing/print_cups.c:487(cups_async_callback) > failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL >[2012/06/12 03:29:53.341308, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key CE250000FFFFFFFF >[2012/06/12 03:29:53.341439, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7ffa896bd260 >[2012/06/12 03:29:53.341542, 1] lib/serverid.c:197(serverid_deregister) > Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND >[2012/06/12 03:29:53.341667, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key CE250000FFFFFFFF >[2012/06/12 03:29:53.341768, 1] smbd/server.c:309(remove_child_pid) > Could not remove pid 9678 from serverid.tdb >[2012/06/12 03:29:53.341874, 1] smbd/server.c:323(remove_child_pid) > Could not find child 9678 -- ignoring >[2012/06/12 03:29:56.059081, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key D2250000FFFFFFFF >[2012/06/12 03:29:56.060263, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7ffa896a9250 >[2012/06/12 03:29:56.060563, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key D2250000FFFFFFFF >[2012/06/12 03:29:56.060947, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 2097152 > SO_RCVBUF = 2097152 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:56.062026, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE 
= 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 2097152 > SO_RCVBUF = 2097152 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/12 03:29:56.063244, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 > >[2012/06/12 03:29:56.063635, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.54.2 (192.168.54.2) >[2012/06/12 03:29:56.063753, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:192.168.54.2:50353 to ipv4:192.168.54.2:445 >[2012/06/12 03:29:56.064063, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2012/06/12 03:29:56.064322, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2012/06/12 03:29:56.064425, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2012/06/12 03:29:56.064581, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0x7ffa896b83a0 >[2012/06/12 03:29:56.064685, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0x7ffa896b7d70 >[2012/06/12 03:29:56.064821, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0x7ffa896b77a0 >[2012/06/12 03:29:56.065179, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 190 >[2012/06/12 03:29:56.065418, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbe >[2012/06/12 03:29:56.065518, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 194 (0 toread) >[2012/06/12 03:29:56.065617, 5] lib/util.c:332(show_msg) >[2012/06/12 03:29:56.065671, 5] lib/util.c:342(show_msg) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=9681 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 
>[2012/06/12 03:29:56.066341, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2012/06/12 03:29:56.067040, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 9682) conn 0x0 >[2012/06/12 03:29:56.067173, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:56.067889, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:56.068034, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:56.068259, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/12 03:29:56.071222, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2012/06/12 03:29:56.071769, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2012/06/12 03:29:56.071943, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2012/06/12 03:29:56.072073, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2012/06/12 03:29:56.072199, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2012/06/12 03:29:56.072289, 3] 
smbd/negprot.c:598(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2012/06/12 03:29:56.072394, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2012/06/12 03:29:56.072492, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Samba] >[2012/06/12 03:29:56.072603, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2012/06/12 03:29:56.072702, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2012/06/12 03:29:56.072818, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2012/06/12 03:29:56.072922, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 > >[2012/06/12 03:29:56.073139, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key D2250000FFFFFFFF >[2012/06/12 03:29:56.073255, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7ffa896c5460 >[2012/06/12 03:29:56.073361, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key D2250000FFFFFFFF >[2012/06/12 03:29:56.073475, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 > >[2012/06/12 03:29:56.073876, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2012/06/12 03:29:56.073977, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LANMAN 1.0 >[2012/06/12 03:29:56.074090, 5] smbd/negprot.c:711(reply_negprot) > negprot index=8 >[2012/06/12 03:29:56.074187, 5] lib/util.c:332(show_msg) >[2012/06/12 03:29:56.074252, 5] lib/util.c:342(show_msg) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=9681 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]=65280 (0xFF00) > smb_vwv[ 4]= 255 (0xFF) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=53760 (0xD200) > smb_vwv[ 8]= 37 (0x25) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=27776 (0x6C80) > smb_vwv[12]= 6000 (0x1770) > smb_vwv[13]=10780 (0x2A1C) > smb_vwv[14]=52552 (0xCD48) > smb_vwv[15]= 4097 (0x1001) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2012/06/12 03:29:56.075687, 10] ../lib/util/util.c:415(dump_data) > [0000] 6C 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 lss..... ........ > [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2012/06/12 03:29:56.076359, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2012/06/12 03:29:56.076480, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2012/06/12 03:29:56.076577, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 160 (0 toread) >[2012/06/12 03:29:56.076673, 5] lib/util.c:332(show_msg) >[2012/06/12 03:29:56.076725, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=9681 > smb_uid=0 > smb_mid=2 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 74 (0x4A) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=53340 (0xD05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=97 >[2012/06/12 03:29:56.077981, 10] ../lib/util/util.c:415(dump_data) > [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. > [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* > [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .(NTLMSS P....... > [0030] 08 60 05 00 05 00 20 00 00 00 03 00 03 00 25 00 .`.... . ......%. 
> [0040] 00 00 4C 4E 45 54 57 4C 53 53 00 55 00 6E 00 69 ..LNETWL SS.U.n.i > [0050] 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 00 00 .x...S.a .m.b.a.. > [0060] 00 . >[2012/06/12 03:29:56.078926, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 9682) conn 0x0 >[2012/06/12 03:29:56.079041, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:56.079153, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:56.079260, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:56.079419, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/12 03:29:56.079546, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc801 >[2012/06/12 03:29:56.079658, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2012/06/12 03:29:56.079786, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2012/06/12 03:29:56.079900, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2012/06/12 03:29:56.080106, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >[2012/06/12 03:29:56.080203, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 40 >[2012/06/12 03:29:56.089411, 5] auth/auth.c:495(make_auth_context_subsystem) > Making default auth method list for standalone security=user, encrypt passwords = yes >[2012/06/12 03:29:56.089638, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam >[2012/06/12 03:29:56.089756, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam' >[2012/06/12 03:29:56.089852, 5] auth/auth.c:48(smb_register_auth) > Attempting to 
register auth backend sam_ignoredomain >[2012/06/12 03:29:56.089949, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' >[2012/06/12 03:29:56.090070, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend unix >[2012/06/12 03:29:56.090252, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'unix' >[2012/06/12 03:29:56.090355, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend winbind >[2012/06/12 03:29:56.090451, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'winbind' >[2012/06/12 03:29:56.090546, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend wbc >[2012/06/12 03:29:56.091105, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'wbc' >[2012/06/12 03:29:56.091260, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend smbserver >[2012/06/12 03:29:56.091364, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'smbserver' >[2012/06/12 03:29:56.091478, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend trustdomain >[2012/06/12 03:29:56.091578, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'trustdomain' >[2012/06/12 03:29:56.091674, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend ntdomain >[2012/06/12 03:29:56.091772, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'ntdomain' >[2012/06/12 03:29:56.091868, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend guest >[2012/06/12 03:29:56.091966, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'guest' >[2012/06/12 03:29:56.092072, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2012/06/12 03:29:56.092174, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method guest has a valid init >[2012/06/12 
03:29:56.092298, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2012/06/12 03:29:56.092397, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method sam has a valid init >[2012/06/12 03:29:56.092607, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2012/06/12 03:29:56.093253, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0005 (5) > DomainNameMaxLen : 0x0005 (5) > DomainName : * > DomainName : 'LNETW' > WorkstationLen : 0x0003 (3) > WorkstationMaxLen : 0x0003 (3) > Workstation : * > Workstation : 'LSS' >[2012/06/12 03:29:56.095187, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module guest did not want to specify a challenge >[2012/06/12 
03:29:56.095300, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module sam did not want to specify a challenge >[2012/06/12 03:29:56.095425, 5] auth/auth.c:134(get_ntlm_challenge) > auth_context challenge created by random >[2012/06/12 03:29:56.095528, 5] auth/auth.c:135(get_ntlm_challenge) > challenge is: >[2012/06/12 03:29:56.095626, 5] ../lib/util/util.c:415(dump_data) > [0000] C6 41 F1 C8 3B 48 2B 76 .A..;H+v >[2012/06/12 03:29:56.095765, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0006 (6) > TargetNameMaxLen : 0x0006 (6) > TargetName : * > TargetName : 'LSS' > NegotiateFlags : 0x608a8215 (1619690005) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 1: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : c641f1c83b482b76 > Reserved : 0000000000000000 > TargetInfoLen : 0x0048 (72) > TargetNameInfoMaxLen : 0x0048 (72) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0006 (6) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'LSS' > pair: struct AV_PAIR > AvId : 
MsvAvNbComputerName (0x1) > AvLen : 0x0006 (6) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'LSS' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x0010 (16) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'lnetw.ru' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x0018 (24) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'lss.lnetw.ru' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) >[2012/06/12 03:29:56.099043, 5] lib/util.c:332(show_msg) >[2012/06/12 03:29:56.099105, 5] lib/util.c:342(show_msg) > size=262 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=9681 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 156 (0x9C) > smb_bcc=219 >[2012/06/12 03:29:56.099908, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 81 99 30 81 96 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [0010] 06 01 04 01 82 37 02 02 0A A2 81 80 04 7E 4E 54 .....7.. .....~NT > [0020] 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 00 LMSSP... ......0. > [0030] 00 00 15 82 8A 60 C6 41 F1 C8 3B 48 2B 76 00 00 .....`.A ..;H+v.. > [0040] 00 00 00 00 00 00 48 00 48 00 36 00 00 00 4C 00 ......H. H.6...L. > [0050] 53 00 53 00 02 00 06 00 4C 00 53 00 53 00 01 00 S.S..... L.S.S... > [0060] 06 00 4C 00 53 00 53 00 04 00 10 00 6C 00 6E 00 ..L.S.S. ....l.n. > [0070] 65 00 74 00 77 00 2E 00 72 00 75 00 03 00 18 00 e.t.w... r.u..... > [0080] 6C 00 73 00 73 00 2E 00 6C 00 6E 00 65 00 74 00 l.s.s... l.n.e.t. > [0090] 77 00 2E 00 72 00 75 00 00 00 00 00 00 55 00 6E w...r.u. .....U.n > [00A0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a > [00B0] 00 20 00 33 00 2E 00 36 00 2E 00 35 00 2D 00 38 . 
.3...6 ...5.-.8 > [00C0] 00 35 00 2E 00 66 00 63 00 31 00 36 00 00 00 4C .5...f.c .1.6...L > [00D0] 00 4E 00 45 00 54 00 57 00 00 00 .N.E.T.W ... >[2012/06/12 03:29:56.102205, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 340 >[2012/06/12 03:29:56.102396, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x154 >[2012/06/12 03:29:56.102514, 3] smbd/process.c:1662(process_smb) > Transaction 2 of length 344 (0 toread) >[2012/06/12 03:29:56.102614, 5] lib/util.c:332(show_msg) >[2012/06/12 03:29:56.102668, 5] lib/util.c:342(show_msg) > size=340 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=9681 > smb_uid=100 > smb_mid=3 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 258 (0x102) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=53340 (0xD05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=281 >[2012/06/12 03:29:56.103836, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 81 FF 30 81 FC A2 81 F9 04 81 F6 4E 54 4C 4D ...0.... ....NTLM > [0010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... > [0020] 74 00 74 00 58 00 00 00 0A 00 0A 00 CC 00 00 00 t.t.X... ........ > [0030] 0A 00 0A 00 D6 00 00 00 06 00 06 00 E0 00 00 00 ........ ........ > [0040] 10 00 10 00 E6 00 00 00 15 82 08 60 0E C1 8B 5F ........ ...`..._ > [0050] 36 96 49 70 68 5F 87 DC 67 68 E6 9C AC 38 7A BB 6.Iph_.. gh...8z. > [0060] C2 73 E0 7F 67 09 63 E8 73 14 04 6D DE 6E B1 7A .s..g.c. s..m.n.z > [0070] 90 C9 AA 37 01 01 00 00 00 00 00 00 00 32 0C 1C ...7.... .....2.. > [0080] 2A 48 CD 01 A7 14 75 FB 52 19 B1 E1 00 00 00 00 *H....u. R....... > [0090] 02 00 06 00 4C 00 53 00 53 00 01 00 06 00 4C 00 ....L.S. S.....L. > [00A0] 53 00 53 00 04 00 10 00 6C 00 6E 00 65 00 74 00 S.S..... l.n.e.t. 
> [00B0] 77 00 2E 00 72 00 75 00 03 00 18 00 6C 00 73 00 w...r.u. ....l.s. > [00C0] 73 00 2E 00 6C 00 6E 00 65 00 74 00 77 00 2E 00 s...l.n. e.t.w... > [00D0] 72 00 75 00 00 00 00 00 4C 00 4E 00 45 00 54 00 r.u..... L.N.E.T. > [00E0] 57 00 41 00 6D 00 69 00 47 00 4F 00 4C 00 53 00 W.A.m.i. G.O.L.S. > [00F0] 53 00 2E 97 7D 5E 44 62 F5 85 CD 8F 65 89 DF 74 S...}^Db ....e..t > [0100] 21 14 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 !..U.n.i .x...S.a > [0110] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . >[2012/06/12 03:29:56.104887, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 9682) conn 0x0 >[2012/06/12 03:29:56.104990, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:56.105088, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:56.105186, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:56.105354, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/12 03:29:56.105455, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc801 >[2012/06/12 03:29:56.105554, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2012/06/12 03:29:56.105654, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2012/06/12 03:29:56.105852, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : 0ec18b5f36964970685f87dc6768e69cac387abbc273e07f > NtChallengeResponseLen : 0x0074 (116) > NtChallengeResponseMaxLen: 0x0074 (116) > 
NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 116) > v2: struct NTLMv2_RESPONSE > Response : 670963e87314046dde6eb17a90c9aa37 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Вт. июня 12 03:29:56 2012 MSK > ChallengeFromClient : a71475fb5219b1e1 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0006 (6) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'LSS' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x0006 (6) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'LSS' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x0010 (16) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'lnetw.ru' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x0018 (24) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'lss.lnetw.ru' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x000a (10) > DomainNameMaxLen : 0x000a (10) > DomainName : * > DomainName : 'LNETW' > UserNameLen : 0x000a (10) > UserNameMaxLen : 0x000a (10) > UserName : * > UserName : 'AmiGO' > WorkstationLen : 0x0006 (6) > WorkstationMaxLen : 0x0006 (6) > Workstation : * > Workstation : 'LSS' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] 2E 97 7D 5E 44 62 F5 85 CD 8F 65 89 DF 74 21 14 ..}^Db.. ..e..t!. 
> NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 >[2012/06/12 03:29:56.110478, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) > Got user=[AmiGO] domain=[LNETW] workstation=[LSS] len1=24 len2=116 >[2012/06/12 03:29:56.110610, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 > >[2012/06/12 03:29:56.110875, 4] auth/user_util.c:361(map_username) > Scanning username map /etc/samba/smbusers >[2012/06/12 03:29:56.111044, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user AmiGO in list >[2012/06/12 03:29:56.111143, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |AmiGO| against |administrator| >[2012/06/12 03:29:56.111282, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |AmiGO| against |admin| >[2012/06/12 03:29:56.111436, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user AmiGO in list >[2012/06/12 03:29:56.111533, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |AmiGO| against |guest| >[2012/06/12 03:29:56.111629, 10] 
auth/user_util.c:200(user_in_list) > user_in_list: checking user |AmiGO| against |pcguest| >[2012/06/12 03:29:56.111725, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |AmiGO| against |smbguest| >[2012/06/12 03:29:56.111876, 5] auth/auth_util.c:110(make_user_info_map) > Mapping user [LNETW]\[AmiGO] from workstation [LSS] >[2012/06/12 03:29:56.112007, 5] auth/auth_util.c:131(make_user_info_map) > Mapped domain from [LNETW] to [LSS] for user [AmiGO] from workstation [LSS] >[2012/06/12 03:29:56.112120, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for AmiGO (AmiGO) >[2012/06/12 03:29:56.112252, 5] auth/user_info.c:70(make_user_info) > making strings for AmiGO's user_info struct >[2012/06/12 03:29:56.112369, 5] auth/user_info.c:87(make_user_info) > making blobs for AmiGO's user_info struct >[2012/06/12 03:29:56.112466, 10] auth/user_info.c:123(make_user_info) > made a user_info for AmiGO (AmiGO) >[2012/06/12 03:29:56.112563, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [LNETW]\[AmiGO]@[LSS] with the new password interface >[2012/06/12 03:29:56.112660, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [LSS]\[AmiGO]@[LSS] >[2012/06/12 03:29:56.112757, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2012/06/12 03:29:56.112866, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2012/06/12 03:29:56.112961, 5] ../lib/util/util.c:415(dump_data) > [0000] C6 41 F1 C8 3B 48 2B 76 .A..;H+v >[2012/06/12 03:29:56.113067, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [AmiGO] >[2012/06/12 03:29:56.113163, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2012/06/12 03:29:56.113300, 10] auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [AmiGO] >[2012/06/12 03:29:56.113397, 8] lib/util.c:1521(is_myname) > is_myname("LSS") 
returns 1 >[2012/06/12 03:29:56.113495, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:56.113608, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/12 03:29:56.113704, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/12 03:29:56.113813, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/12 03:29:56.113908, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/12 03:29:56.114187, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) > pdb_getsampwnam (TDB): error fetching database. > Key: USER_amigo >[2012/06/12 03:29:56.114342, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/12 03:29:56.114455, 3] auth/check_samsec.c:399(check_sam_security) > check_sam_security: Couldn't find user 'AmiGO' in passdb. 
>[2012/06/12 03:29:56.114551, 5] auth/auth.c:271(check_ntlm_password) > check_ntlm_password: sam authentication for user [AmiGO] FAILED with error NT_STATUS_NO_SUCH_USER >[2012/06/12 03:29:56.114674, 2] auth/auth.c:319(check_ntlm_password) > check_ntlm_password: Authentication for user [AmiGO] -> [AmiGO] FAILED with error NT_STATUS_NO_SUCH_USER >[2012/06/12 03:29:56.114787, 3] smbd/sesssetup.c:63(do_map_to_guest) > No such user AmiGO [LNETW] - using guest account >[2012/06/12 03:29:56.114930, 0] lib/fault.c:47(fault_report) > =============================================================== >[2012/06/12 03:29:56.115132, 0] lib/fault.c:48(fault_report) > INTERNAL ERROR: Signal 11 in pid 9682 (3.6.5-85.fc16) > Please read the Trouble-Shooting section of the Samba3-HOWTO >[2012/06/12 03:29:56.115381, 0] lib/fault.c:50(fault_report) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf >[2012/06/12 03:29:56.115544, 0] lib/fault.c:51(fault_report) > =============================================================== >[2012/06/12 03:29:56.115657, 0] lib/util.c:1117(smb_panic) > PANIC (pid 9682): internal error >[2012/06/12 03:29:56.119905, 0] lib/util.c:1221(log_stack_trace) > BACKTRACE: 21 stack frames: > #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7ffa881f952a] > #1 /usr/sbin/smbd(smb_panic+0x25) [0x7ffa881f9605] > #2 /usr/sbin/smbd(+0x410898) [0x7ffa881ea898] > #3 /lib64/libc.so.6(+0x392d236300) [0x7ffa84939300] > #4 /usr/sbin/smbd(copy_serverinfo+0x1a) [0x7ffa8824e2ea] > #5 /usr/sbin/smbd(make_server_info_guest+0x10) [0x7ffa8824e4d0] > #6 /usr/sbin/smbd(do_map_to_guest+0xcd) [0x7ffa87f1629d] > #7 /usr/sbin/smbd(+0x13c584) [0x7ffa87f16584] > #8 /usr/sbin/smbd(reply_sesssetup_and_X+0x1ad7) [0x7ffa87f18197] > #9 /usr/sbin/smbd(+0x177374) [0x7ffa87f51374] > #10 /usr/sbin/smbd(+0x17778b) [0x7ffa87f5178b] > #11 /usr/sbin/smbd(+0x177ba3) [0x7ffa87f51ba3] > #12 /usr/sbin/smbd(run_events_poll+0x34e) [0x7ffa8820932e] > #13 /usr/sbin/smbd(smbd_process+0x83a) [0x7ffa87f5333a] > 
#14 /usr/sbin/smbd(+0x68d2cf) [0x7ffa884672cf] > #15 /usr/sbin/smbd(run_events_poll+0x34e) [0x7ffa8820932e] > #16 /usr/sbin/smbd(+0x42f4ca) [0x7ffa882094ca] > #17 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7ffa8820a050] > #18 /usr/sbin/smbd(main+0xee6) [0x7ffa87ed15d6] > #19 /lib64/libc.so.6(__libc_start_main+0xed) [0x7ffa8492469d] > #20 /usr/sbin/smbd(+0xf7ab9) [0x7ffa87ed1ab9] >[2012/06/12 03:29:56.121811, 0] lib/util.c:1122(smb_panic) > smb_panic(): calling panic action [/bin/sleep 999999] >