The Samba-Bugzilla – Attachment 7754 Details for Bug 9087: User who belongs to many groups fail to SSO samba server
the log of samba-3.6.5
log.smbd.3.6.5 (text/plain), 383.68 KB, created by jinyunshuai on 2012-08-09 09:53:44 UTC
> >[2012/06/27 17:22:50.590215, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb8a724a8 >[2012/06/27 17:22:50.590385, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:22:50.590440, 5] smbd/server.c:624(smbd_parent_housekeeping) > parent housekeeping >[2012/06/27 17:22:50.590487, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/06/27 17:22:51.915267, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:51.915368, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:51.915424, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:51.915520, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:22:51.915602, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 54160000FFFFFFFF >[2012/06/27 17:22:51.915681, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8a7a150 >[2012/06/27 17:22:51.915775, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 54160000FFFFFFFF >[2012/06/27 17:22:51.915987, 3] smbd/server_exit.c:180(exit_server_common) > Server exit (termination signal) >[2012/06/27 17:22:51.916869, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:51.918234, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:51.918305, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:51.919125, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 
17:22:51.919330, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 4F160000FFFFFFFF >[2012/06/27 17:22:51.921336, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb8a6a858 >[2012/06/27 17:22:51.921421, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 4F160000FFFFFFFF >[2012/06/27 17:22:51.921591, 3] smbd/server_exit.c:180(exit_server_common) > Server exit (termination signal) >[2012/06/27 17:22:52, 0] smbd/server.c:1051(main) > smbd version 3.6.5-cdc-4.5.4-118 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 >[2012/06/27 17:22:52, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 >[2012/06/27 17:22:52, 4] param/loadparm.c:9621(lp_load_ex) > pm_process() returned Yes >[2012/06/27 17:22:52, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2012/06/27 17:22:52, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2012/06/27 17:22:52, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'ANSI_X3.4-1968' for LOCALE >[2012/06/27 17:22:52, 4] smbd/sec_ctx.c:174(get_current_groups) > get_current_groups: user is in 1 groups: 0 >[2012/06/27 17:22:52, 2] lib/tallocmsg.c:124(register_msg_pool_usage) > Registered MSG_REQ_POOL_USAGE >[2012/06/27 17:22:52, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2012/06/27 17:22:52.165942, 3] param/loadparm.c:9585(lp_load_ex) > lp_load_ex: refreshing parameters >[2012/06/27 17:22:52.166017, 3] param/loadparm.c:5203(init_globals) > Initialising global parameters >[2012/06/27 17:22:52.166075, 2] param/loadparm.c:4996(max_open_files) > rlimit_max: 
increasing rlimit_max (1024) to minimum Windows limit (16384) >[2012/06/27 17:22:52.166174, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2012/06/27 17:22:52.166242, 3] param/loadparm.c:8323(do_section) > Processing section "[global]" > doing parameter security = ADS > doing parameter realm = ASMB.TEST > doing parameter workgroup = ASMB > doing parameter netbios name = ubs1204v3 >[2012/06/27 17:22:52.166367, 4] param/loadparm.c:7574(handle_netbios_name) > handle_netbios_name: set global_myname to: UBS1204V3 > doing parameter auth methods = guest, sam, winbind, ntdomain > doing parameter machine password timeout = 0 > doing parameter passdb backend = tdbsam:/etc/samba/private/passdb.tdb > doing parameter kerberos method = secrets and keytab > doing parameter client use spnego principal = true > doing parameter send spnego principal = Yes > doing parameter server signing = auto > doing parameter template shell = /bin/bash > doing parameter winbind use default domain = Yes > doing parameter winbind enum users = No > doing parameter winbind enum groups = No > doing parameter winbind nested groups = Yes > doing parameter ignore syssetgroups error = No > doing parameter idmap uid = 1000 - 200000000 >[2012/06/27 17:22:52.166895, 1] param/loadparm.c:8005(lp_do_parameter) > WARNING: The "idmap uid" option is deprecated > doing parameter idmap gid = 1000 - 200000000 >[2012/06/27 17:22:52.167011, 1] param/loadparm.c:8005(lp_do_parameter) > WARNING: The "idmap gid" option is deprecated > doing parameter enable core files = false > doing parameter syslog = 0 > doing parameter log level = 10 >[2012/06/27 17:22:52.167159, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > 
msdfs: 10 > dmapi: 10 > registry: 10 >[2012/06/27 17:22:52.167508, 2] param/loadparm.c:8340(do_section) > Processing section "[samba-test]" >[2012/06/27 17:22:52.167604, 8] param/loadparm.c:6493(add_a_service) > add_a_service: Creating snum = 0 for samba-test >[2012/06/27 17:22:52.167658, 10] param/loadparm.c:6531(hash_a_service) > hash_a_service: creating servicehash >[2012/06/27 17:22:52.167702, 10] param/loadparm.c:6540(hash_a_service) > hash_a_service: hashing index 0 for service name samba-test > doing parameter path = /samba-test > doing parameter public = yes > doing parameter writable = yes >[2012/06/27 17:22:52.167834, 2] param/loadparm.c:8340(do_section) > Processing section "[homes]" >[2012/06/27 17:22:52.167914, 8] param/loadparm.c:6493(add_a_service) > add_a_service: Creating snum = 1 for homes >[2012/06/27 17:22:52.167963, 10] param/loadparm.c:6540(hash_a_service) > hash_a_service: hashing index 1 for service name homes > doing parameter comment = Home directories > doing parameter read only = No > doing parameter browseable = No >[2012/06/27 17:22:52.168097, 4] param/loadparm.c:9621(lp_load_ex) > pm_process() returned Yes >[2012/06/27 17:22:52.168188, 8] param/loadparm.c:6493(add_a_service) > add_a_service: Creating snum = 2 for IPC$ >[2012/06/27 17:22:52.168240, 10] param/loadparm.c:6540(hash_a_service) > hash_a_service: hashing index 2 for service name IPC$ >[2012/06/27 17:22:52.168301, 3] param/loadparm.c:6643(lp_add_ipc) > adding IPC service >[2012/06/27 17:22:52.168347, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2012/06/27 17:22:52.168403, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'ANSI_X3.4-1968' for LOCALE >[2012/06/27 17:22:52.168466, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:22:52.168769, 2] 
lib/interface.c:341(add_interface) > added interface eth0 ip=fe80::20c:29ff:feb7:b9f5%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2012/06/27 17:22:52.168944, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=10.100.51.157 bcast=10.100.51.255 netmask=255.255.255.0 >[2012/06/27 17:22:52.169030, 3] smbd/server.c:1086(main) > loaded services >[2012/06/27 17:22:52.169090, 5] lib/util.c:242(init_names) > Netbios name list:- > my_netbios_names[0]="UBS1204V3" >[2012/06/27 17:22:52.169205, 0] smbd/server.c:1107(main) > standard input is not a socket, assuming -D option >[2012/06/27 17:22:52.169259, 3] smbd/server.c:1118(main) > Becoming a daemon. >[2012/06/27 17:22:52.176513, 8] ../lib/util/util.c:263(fcntl_lock) > fcntl_lock 9 13 0 1 1 >[2012/06/27 17:22:52.176644, 8] ../lib/util/util.c:298(fcntl_lock) > fcntl_lock: Lock call successful >[2012/06/27 17:22:52.176907, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend ldapsam >[2012/06/27 17:22:52.176977, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'ldapsam' >[2012/06/27 17:22:52.177023, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend ldapsam_compat >[2012/06/27 17:22:52.177067, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'ldapsam_compat' >[2012/06/27 17:22:52.177118, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend NDS_ldapsam >[2012/06/27 17:22:52.177168, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'NDS_ldapsam' >[2012/06/27 17:22:52.177212, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend NDS_ldapsam_compat >[2012/06/27 17:22:52.177256, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'NDS_ldapsam_compat' >[2012/06/27 17:22:52.177308, 5] 
passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend IPA_ldapsam >[2012/06/27 17:22:52.177354, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'IPA_ldapsam' >[2012/06/27 17:22:52.177400, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend smbpasswd >[2012/06/27 17:22:52.177445, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'smbpasswd' >[2012/06/27 17:22:52.177491, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend tdbsam >[2012/06/27 17:22:52.177535, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'tdbsam' >[2012/06/27 17:22:52.177582, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend wbc_sam >[2012/06/27 17:22:52.177629, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'wbc_sam' >[2012/06/27 17:22:52.177673, 5] passdb/pdb_interface.c:141(make_pdb_method_name) > Attempting to find a passdb backend to match tdbsam:/etc/samba/private/passdb.tdb (tdbsam) >[2012/06/27 17:22:52.177757, 5] passdb/pdb_interface.c:162(make_pdb_method_name) > Found pdb backend tdbsam >[2012/06/27 17:22:52.177811, 5] passdb/pdb_interface.c:173(make_pdb_method_name) > pdb backend tdbsam:/etc/samba/private/passdb.tdb has a valid init >[2012/06/27 17:22:52.178732, 10] registry/reg_backend_db.c:526(regdb_init) > regdb_init: registry db openend. 
refcount reset (1) >[2012/06/27 17:22:52.178831, 10] registry/reg_cachehook.c:70(reghook_cache_init) > reghook_cache_init: new tree with default ops 0xb780c7e0 for key [] >[2012/06/27 17:22:52.179114, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2012/06/27 17:22:52.179204, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Samba Printer Port], len: 2 >[2012/06/27 17:22:52.179269, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/06/27 17:22:52.179344, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DefaultSpoolDirectory], len: 70 >[2012/06/27 17:22:52.179405, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.179474, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/27 17:22:52.179526, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.179577, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.179644, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/27 17:22:52.179695, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.179749, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c8c0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] >[2012/06/27 17:22:52.179795, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 
17:22:52.179845, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree >[2012/06/27 17:22:52.179890, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.179936, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c7e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/06/27 17:22:52.179981, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.180028, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree >[2012/06/27 17:22:52.180085, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.180134, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c7e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2012/06/27 17:22:52.180179, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.180225, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree >[2012/06/27 17:22:52.180270, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.180316, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c900 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2012/06/27 17:22:52.180360, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.180406, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree >[2012/06/27 17:22:52.180451, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.180496, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 
0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2012/06/27 17:22:52.180540, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.180585, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree >[2012/06/27 17:22:52.180629, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.180674, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c940 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2012/06/27 17:22:52.180719, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.180765, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree >[2012/06/27 17:22:52.180810, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.180863, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c980 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2012/06/27 17:22:52.180909, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.180955, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree >[2012/06/27 17:22:52.181000, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.181045, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c9c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >[2012/06/27 17:22:52.181090, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.181136, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree >[2012/06/27 17:22:52.181182, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 
17:22:52.181227, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780ca00 for key [\HKPT] >[2012/06/27 17:22:52.181271, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.181317, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKPT] to tree >[2012/06/27 17:22:52.181361, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.181406, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780ca40 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/06/27 17:22:52.181452, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.181496, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree >[2012/06/27 17:22:52.181540, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.181586, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780ca80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2012/06/27 17:22:52.181631, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.181907, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree >[2012/06/27 17:22:52.181975, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.182024, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/06/27 17:22:52.183147, 6] libads/ldap.c:365(ads_find_dc) > ads_find_dc: (ldap) looking for realm 'ASMB.TEST' >[2012/06/27 17:22:52.183259, 5] lib/gencache.c:68(gencache_init) > Opening cache file at /var/lib/samba/gencache.tdb >[2012/06/27 17:22:52.184037, 5] lib/gencache.c:111(gencache_init) > Opening cache file at /var/lib/samba/gencache_notrans.tdb >[2012/06/27 
17:22:52.184558, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.184628, 4] libsmb/namequery_dc.c:76(ads_dc_name) > ads_dc_name: domain=ASMB >[2012/06/27 17:22:52.184701, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.184755, 6] libads/ldap.c:385(ads_find_dc) > ads_find_dc: (cldap) looking for realm 'ASMB.TEST' >[2012/06/27 17:22:52.184807, 8] libsmb/namequery.c:2652(get_sorted_dc_list) > get_sorted_dc_list: attempting lookup for name ASMB.TEST (sitename Default-First-Site-Name) using [ads] >[2012/06/27 17:22:52.184917, 5] libsmb/namequery.c:194(saf_fetch) > saf_fetch: Returning "sa2-w2k3r2x64.asmb.test" for "ASMB.TEST" domain >[2012/06/27 17:22:52.184979, 3] libsmb/namequery.c:2461(get_dc_list) > get_dc_list: preferred server list: "sa2-w2k3r2x64.asmb.test, *" >[2012/06/27 17:22:52.185031, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up ASMB.TEST#1c (sitename Default-First-Site-Name) >[2012/06/27 17:22:52.185114, 5] libsmb/namecache.c:165(namecache_fetch) > name ASMB.TEST#1C found. >[2012/06/27 17:22:52.185282, 8] libsmb/namequery.c:2482(get_dc_list) > Adding 2 DC's from auto lookup >[2012/06/27 17:22:52.185373, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.185432, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up sa2-w2k3r2x64.asmb.test#20 (sitename Default-First-Site-Name) >[2012/06/27 17:22:52.185494, 5] libsmb/namecache.c:165(namecache_fetch) > name sa2-w2k3r2x64.asmb.test#20 found. 
>[2012/06/27 17:22:52.185612, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.185720, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.185793, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.235 >[2012/06/27 17:22:52.185846, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/06/27 17:22:52.185896, 4] libsmb/namequery.c:2601(get_dc_list) > get_dc_list: returning 2 ip addresses in an ordered list >[2012/06/27 17:22:52.185942, 4] libsmb/namequery.c:2602(get_dc_list) > get_dc_list: 10.100.60.234:389 10.100.60.235:389 >[2012/06/27 17:22:52.186010, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.186061, 5] libads/ldap.c:232(ads_try_connect) > ads_try_connect: sending CLDAP request to 10.100.60.234 (realm: ASMB.TEST) >[2012/06/27 17:22:52.187001, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001f8 (504) > 0: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 5f62e8f9-f9ab-42dc-9c56-ced07e050542 > forest : 'asmb.test' > dns_domain : 'asmb.test' > 
pdc_dns_name : 'sa2-w2k3r2x64.asmb.test' > domain_name : 'ASMB' > pdc_name : 'SA2-W2K3R2X64' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2012/06/27 17:22:52.190071, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [ASMB], sitename = [Default-First-Site-Name], expire = [2147483647] >[2012/06/27 17:22:52.190510, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB and timeout = Tue Jan 19 11:14:07 2038 > (806694675 seconds ahead) >[2012/06/27 17:22:52.197553, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [asmb.test], sitename = [Default-First-Site-Name], expire = [2147483647] >[2012/06/27 17:22:52.197793, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB.TEST and timeout = Tue Jan 19 11:14:07 2038 > (806694675 seconds ahead) >[2012/06/27 17:22:52.197901, 3] libads/ldap.c:640(ads_connect) > Successfully contacted LDAP server 10.100.60.234 >[2012/06/27 17:22:52.197975, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.198029, 10] libads/ldap.c:171(ads_closest_dc) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2012/06/27 17:22:52.198101, 10] 
libads/kerberos.c:880(create_local_private_krb5_conf_for_domain) > create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.ASMB, realm = ASMB.TEST, domain = ASMB >[2012/06/27 17:22:52.198187, 5] libsmb/namequery.c:194(saf_fetch) > saf_fetch: Returning "sa2-w2k3r2x64.asmb.test" for "ASMB.TEST" domain >[2012/06/27 17:22:52.198247, 3] libsmb/namequery.c:2461(get_dc_list) > get_dc_list: preferred server list: "sa2-w2k3r2x64.asmb.test, *" >[2012/06/27 17:22:52.198305, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up ASMB.TEST#1c (sitename Default-First-Site-Name) >[2012/06/27 17:22:52.198383, 5] libsmb/namecache.c:165(namecache_fetch) > name ASMB.TEST#1C found. >[2012/06/27 17:22:52.198496, 8] libsmb/namequery.c:2482(get_dc_list) > Adding 2 DC's from auto lookup >[2012/06/27 17:22:52.198571, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.198625, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up sa2-w2k3r2x64.asmb.test#20 (sitename Default-First-Site-Name) >[2012/06/27 17:22:52.198686, 5] libsmb/namecache.c:165(namecache_fetch) > name sa2-w2k3r2x64.asmb.test#20 found. 
>[2012/06/27 17:22:52.198785, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.198857, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.198936, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.235 >[2012/06/27 17:22:52.198991, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/06/27 17:22:52.199040, 4] libsmb/namequery.c:2601(get_dc_list) > get_dc_list: returning 2 ip addresses in an ordered list >[2012/06/27 17:22:52.199086, 4] libsmb/namequery.c:2602(get_dc_list) > get_dc_list: 10.100.60.234:389 10.100.60.235:389 >[2012/06/27 17:22:52.199169, 5] libsmb/namequery.c:194(saf_fetch) > saf_fetch: Returning "sa2-w2k3r2x64.asmb.test" for "ASMB.TEST" domain >[2012/06/27 17:22:52.199227, 3] libsmb/namequery.c:2461(get_dc_list) > get_dc_list: preferred server list: "sa2-w2k3r2x64.asmb.test, *" >[2012/06/27 17:22:52.199276, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up ASMB.TEST#1c (sitename (null)) >[2012/06/27 17:22:52.199374, 5] libsmb/namecache.c:165(namecache_fetch) > name ASMB.TEST#1C found. >[2012/06/27 17:22:52.199484, 8] libsmb/namequery.c:2482(get_dc_list) > Adding 2 DC's from auto lookup >[2012/06/27 17:22:52.199559, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.199613, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up sa2-w2k3r2x64.asmb.test#20 (sitename Default-First-Site-Name) >[2012/06/27 17:22:52.199675, 5] libsmb/namecache.c:165(namecache_fetch) > name sa2-w2k3r2x64.asmb.test#20 found. 
>[2012/06/27 17:22:52.199773, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.199845, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 >[2012/06/27 17:22:52.199908, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.235 >[2012/06/27 17:22:52.199956, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/06/27 17:22:52.200004, 4] libsmb/namequery.c:2601(get_dc_list) > get_dc_list: returning 2 ip addresses in an ordered list >[2012/06/27 17:22:52.200050, 4] libsmb/namequery.c:2602(get_dc_list) > get_dc_list: 10.100.60.234:389 10.100.60.235:389 >[2012/06/27 17:22:52.200114, 10] libads/kerberos.c:825(get_kdc_ip_string) > get_kdc_ip_string: Returning kdc = 10.100.60.234 > kdc = 10.100.60.235 > kdc = 10.100.60.235 > >[2012/06/27 17:22:52.200382, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) > create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.ASMB with realm ASMB.TEST KDC list = kdc = 10.100.60.234 > kdc = 10.100.60.235 > kdc = 10.100.60.235 > >[2012/06/27 17:22:52.200504, 4] libsmb/namequery_dc.c:148(ads_dc_name) > ads_dc_name: using server='SA2-W2K3R2X64.ASMB.TEST' IP=10.100.60.234 >[2012/06/27 17:22:52.200571, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" >[2012/06/27 17:22:52.200625, 10] libsmb/namequery.c:1975(internal_resolve_name) > internal_resolve_name: looking up SA2-W2K3R2X64.ASMB.TEST#20 (sitename Default-First-Site-Name) >[2012/06/27 17:22:52.200687, 5] libsmb/namecache.c:165(namecache_fetch) > name SA2-W2K3R2X64.ASMB.TEST#20 found. 
>[2012/06/27 17:22:52.200778, 5] libads/ldap.c:232(ads_try_connect) > ads_try_connect: sending CLDAP request to 10.100.60.234 (realm: ASMB.TEST) >[2012/06/27 17:22:52.202308, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001f8 (504) > 0: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 5f62e8f9-f9ab-42dc-9c56-ced07e050542 > forest : 'asmb.test' > dns_domain : 'asmb.test' > pdc_dns_name : 'sa2-w2k3r2x64.asmb.test' > domain_name : 'ASMB' > pdc_name : 'SA2-W2K3R2X64' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2012/06/27 17:22:52.205449, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [ASMB], sitename = [Default-First-Site-Name], expire = [2147483647] >[2012/06/27 17:22:52.205516, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB and timeout = Tue 
Jan 19 11:14:07 2038 > (806694675 seconds ahead) >[2012/06/27 17:22:52.205615, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [asmb.test], sitename = [Default-First-Site-Name], expire = [2147483647] >[2012/06/27 17:22:52.205671, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB.TEST and timeout = Tue Jan 19 11:14:07 2038 > (806694675 seconds ahead) >[2012/06/27 17:22:52.205805, 3] libads/ldap.c:640(ads_connect) > Successfully contacted LDAP server 10.100.60.234 >[2012/06/27 17:22:52.205861, 10] libads/ldap.c:68(ldap_open_with_timeout) > Opening connection to LDAP server 'sa2-w2k3r2x64.asmb.test:389', timeout 15 seconds >[2012/06/27 17:22:52.212205, 10] libads/ldap.c:82(ldap_open_with_timeout) > Connected to LDAP server 'sa2-w2k3r2x64.asmb.test:389' >[2012/06/27 17:22:52.212280, 3] libads/ldap.c:694(ads_connect) > Connected to LDAP server sa2-w2k3r2x64.asmb.test >[2012/06/27 17:22:52.212328, 10] libads/ldap.c:171(ads_closest_dc) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2012/06/27 17:22:52.212377, 10] libsmb/namequery.c:89(saf_store) > saf_store: domain = [ASMB], server = [sa2-w2k3r2x64.asmb.test], expire = [1340789872] >[2012/06/27 17:22:52.212428, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = SAF/DOMAIN/ASMB and timeout = Wed Jun 27 17:37:52 2012 > (900 seconds ahead) >[2012/06/27 17:22:52.212520, 10] libsmb/namequery.c:89(saf_store) > saf_store: domain = [ASMB.TEST], server = [sa2-w2k3r2x64.asmb.test], expire = [1340789872] >[2012/06/27 17:22:52.212574, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = SAF/DOMAIN/ASMB.TEST and timeout = Wed Jun 27 17:37:52 2012 > (900 seconds ahead) >[2012/06/27 17:22:52.212725, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'ANSI_X3.4-1968' for LOCALE >[2012/06/27 17:22:52.215749, 4] libads/ldap.c:2857(ads_current_time) > time offset is 0 seconds 
>[2012/06/27 17:22:52.216375, 4] libads/sasl.c:1211(ads_sasl_bind) > Found SASL mechanism GSS-SPNEGO >[2012/06/27 17:22:52.216940, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >[2012/06/27 17:22:52.217006, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >[2012/06/27 17:22:52.217053, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >[2012/06/27 17:22:52.217097, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >[2012/06/27 17:22:52.217149, 3] libads/sasl.c:878(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got server principal name = sa2-w2k3r2x64$@ASMB.TEST >[2012/06/27 17:22:52.217729, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2012/06/27 17:22:52.217829, 10] libads/sasl.c:899(ads_sasl_spnego_bind) > ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >[2012/06/27 17:22:52.217964, 10] libads/kerberos.c:191(kerberos_kinit_password_ext) > kerberos_kinit_password: as UBS1204V3$@ASMB.TEST using [MEMORY:prtpub_cache] as ccache and config [/var/lib/samba/smb_krb5/krb5.conf.ASMB] >[2012/06/27 17:22:52.232139, 3] libsmb/clikrb5.c:632(ads_cleanup_expired_creds) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Thu, 28 Jun 2012 03:22:52 CST >[2012/06/27 17:22:52.232227, 10] libsmb/clikrb5.c:821(ads_krb5_mk_req) > ads_krb5_mk_req: Ticket (sa2-w2k3r2x64$@ASMB.TEST) in ccache (MEMORY:prtpub_cache) is valid until: (Thu, 28 Jun 2012 03:22:52 CST - 1340824972) >[2012/06/27 17:22:52.232291, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) > ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >[2012/06/27 17:22:52.235140, 10] libsmb/clikrb5.c:1044(get_krb5_smb_session_key) > Got KRB5 session key of length 16 >[2012/06/27 17:22:52.236701, 0] 
printing/nt_printing_ads.c:358(check_published_printers) > check_published_printers: Could not create system session_info >[2012/06/27 17:22:52.237524, 0] printing/nt_printing.c:102(nt_printing_init) > nt_printing_init: error checking published printers: WERR_ACCESS_DENIED >[2012/06/27 17:22:52.239669, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/06/27 17:22:52.239730, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/06/27 17:22:52.239943, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/06/27 17:22:52.240027, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/06/27 17:22:52.240080, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/06/27 17:22:52.265070, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username root, was >[2012/06/27 17:22:52.265156, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name root, was >[2012/06/27 17:22:52.265210, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain UBS1204V3, was >[2012/06/27 17:22:52.265264, 4] lib/substitute.c:527(automount_server) > Home server: ubs1204v3 >[2012/06/27 17:22:52.265321, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\ubs1204v3\root\profile, was >[2012/06/27 17:22:52.265371, 4] lib/substitute.c:527(automount_server) > Home server: ubs1204v3 >[2012/06/27 17:22:52.265422, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\ubs1204v3\root, was >[2012/06/27 17:22:52.265473, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/06/27 17:22:52.265521, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2012/06/27 17:22:52.265571, 10] 
passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3088021615-3987404115-869989681-1000 >[2012/06/27 17:22:52.265624, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3088021615-3987404115-869989681-1000 from rid 1000 >[2012/06/27 17:22:52.265729, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username root, was root >[2012/06/27 17:22:52.265782, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-22-1-0 >[2012/06/27 17:22:52.269403, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 0 >[2012/06/27 17:22:52.269486, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.269541, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.269589, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.269635, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.269712, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.269902, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.269988, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.270060, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.270113, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 0 -> sid S-1-22-2-0 >[2012/06/27 17:22:52.270180, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.270248, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.270311, 3] passdb/lookup_sid.c:1737(get_primary_group_sid) > Forcing Primary 
Group to 'Domain Users' for root >[2012/06/27 17:22:52.270361, 10] auth/server_info.c:354(samu_to_SamInfo3) > Unix User found in struct samu. Rid marked as special and sid (S-1-22-1-0) saved as extra sid >[2012/06/27 17:22:52.270425, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/06/27 17:22:52.270476, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/06/27 17:22:52.270524, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/06/27 17:22:52.270594, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [root] >[2012/06/27 17:22:52.273772, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: UBS1204V3\root => domain=[UBS1204V3], name=[root] >[2012/06/27 17:22:52.273972, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/06/27 17:22:52.274025, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.274073, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.274117, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.274160, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.274204, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.274329, 4] passdb/pdb_tdb.c:523(tdbsam_open) > tdbsam_open: successfully opened /etc/samba/private/passdb.tdb >[2012/06/27 17:22:52.274393, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) > pdb_getsampwnam (TDB): error fetching database. 
> Key: USER_root >[2012/06/27 17:22:52.274465, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.274515, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.274560, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.274604, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.274647, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.274690, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.274767, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.274837, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.274905, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.274972, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/06/27 17:22:52.275018, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/06/27 17:22:52.284731, 10] passdb/lookup_sid.c:1527(sid_to_uid) > sid S-1-22-1-0 -> uid 0 >[2012/06/27 17:22:52.284960, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [root] >[2012/06/27 17:22:52.285236, 10] auth/token_util.c:339(create_local_nt_token) > Create local NT token for S-1-22-1-0 >[2012/06/27 17:22:52.286574, 10] passdb/lookup_sid.c:1611(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2012/06/27 17:22:52.286648, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.286698, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.286744, 4] smbd/sec_ctx.c:318(set_sec_ctx) > 
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.286788, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.286831, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.286918, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.286971, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) > LEGACY: sid S-1-5-32-544 -> gid 1000 >[2012/06/27 17:22:52.288185, 10] passdb/lookup_sid.c:1611(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2012/06/27 17:22:52.288257, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.288308, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.288353, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.288398, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.288442, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.288528, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.288582, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) > LEGACY: sid S-1-5-32-545 -> gid 1001 >[2012/06/27 17:22:52.288634, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.288682, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.288751, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.288796, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.288840, 5] 
auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.288978, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.289131, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-1-0] >[2012/06/27 17:22:52.289202, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2012/06/27 17:22:52.289263, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/06/27 17:22:52.289335, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/06/27 17:22:52.289393, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2012/06/27 17:22:52.289512, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (8): > SID[ 0]: S-1-22-1-0 > SID[ 1]: S-1-22-2-0 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-1002 > SID[ 6]: S-1-22-2-1003 > SID[ 7]: S-1-22-2-1004 > Privileges (0x 0): > Rights (0x 0): >[2012/06/27 17:22:52.289790, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 1002 > Group[ 2]: 1003 > Group[ 3]: 1004 >[2012/06/27 17:22:52.289926, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2012/06/27 17:22:52.289975, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2012/06/27 17:22:52.290227, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! 
>[2012/06/27 17:22:52.290300, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user UBS1204V3\nobody >[2012/06/27 17:22:52.290349, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is ubs1204v3\nobody >[2012/06/27 17:22:52.295672, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is UBS1204V3\nobody >[2012/06/27 17:22:52.298599, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is UBS1204V3\NOBODY >[2012/06/27 17:22:52.300513, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in ubs1204v3\nobody >[2012/06/27 17:22:52.300575, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [UBS1204V3\nobody]! >[2012/06/27 17:22:52.300628, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2012/06/27 17:22:52.300676, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2012/06/27 17:22:52.300727, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! 
>[2012/06/27 17:22:52.307212, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 65534 >[2012/06/27 17:22:52.307289, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.307344, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.307395, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.307444, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.307492, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.307582, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.307660, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.307735, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.307792, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 65534 -> sid S-1-22-2-65534 >[2012/06/27 17:22:52.307862, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.307936, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/06/27 17:22:52.308003, 3] passdb/lookup_sid.c:1737(get_primary_group_sid) > Forcing Primary Group to 'Domain Users' for nobody >[2012/06/27 17:22:52.308854, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for nobody >[2012/06/27 17:22:52.308942, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.309001, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.309071, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.309123, 5] 
../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.309170, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.309322, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.309401, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3088021615-3987404115-869989681-501] >[2012/06/27 17:22:52.309469, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3088021615-3987404115-869989681-513] >[2012/06/27 17:22:52.309535, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3088021615-3987404115-869989681-546] >[2012/06/27 17:22:52.309599, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/06/27 17:22:52.309713, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/06/27 17:22:52.309789, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-32-546] >[2012/06/27 17:22:52.325543, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.325618, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.325671, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.325761, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.325811, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.325897, 5] passdb/pdb_interface.c:1604(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 546. 
>[2012/06/27 17:22:52.325960, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/06/27 17:22:52.326011, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.326060, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/06/27 17:22:52.326109, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.326156, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.326242, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. >[2012/06/27 17:22:52.326322, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.326378, 5] passdb/pdb_interface.c:1666(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2012/06/27 17:22:52.326442, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.326494, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-21-3088021615-3987404115-869989681-546 >[2012/06/27 17:22:52.326550, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.326601, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.326651, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.326699, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.326752, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.326860, 5] passdb/pdb_interface.c:1604(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 546. 
>[2012/06/27 17:22:52.326918, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/06/27 17:22:52.326969, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.327018, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/06/27 17:22:52.327067, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.327124, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.327208, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. >[2012/06/27 17:22:52.327285, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.327338, 5] passdb/pdb_interface.c:1666(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2012/06/27 17:22:52.327393, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.327445, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-21-3088021615-3987404115-869989681-546 >[2012/06/27 17:22:52.327500, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-21-3088021615-3987404115-869989681-546 to gid, ignoring it >[2012/06/27 17:22:52.327562, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (11): > SID[ 0]: S-1-5-21-3088021615-3987404115-869989681-501 > SID[ 1]: S-1-5-21-3088021615-3987404115-869989681-513 > SID[ 2]: S-1-5-21-3088021615-3987404115-869989681-546 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-65534 > SID[ 7]: S-1-22-2-1006 > SID[ 8]: S-1-22-2-1002 > SID[ 9]: S-1-22-2-1003 > SID[ 10]: S-1-22-2-1005 > Privileges (0x 0): > Rights (0x 0): >[2012/06/27 17:22:52.327869, 10] 
auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 65534 > Primary group is 65534 and contains 4 supplementary groups > Group[ 0]: 1006 > Group[ 1]: 1002 > Group[ 2]: 1003 > Group[ 3]: 1005 >[2012/06/27 17:22:52.328128, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) > Initialise the svcctl registry keys if needed. >[2012/06/27 17:22:52.328199, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.328252, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.328318, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.328381, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.328431, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.328561, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.328622, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. 
refcount reset (1) >[2012/06/27 17:22:52.328701, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/06/27 17:22:52.328790, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/06/27 17:22:52.328851, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/06/27 17:22:52.328914, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/06/27 17:22:52.329024, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/27 17:22:52.329334, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/06/27 17:22:52.329399, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/06/27 17:22:52.329461, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/06/27 17:22:52.329510, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/06/27 17:22:52.329559, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.329605, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM] >[2012/06/27 17:22:52.333731, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.333875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > result : WERR_OK >[2012/06/27 17:22:52.334131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > keyname: struct winreg_String > name_len : 0x0044 (68) > name_size : 0x0044 (68) > name : * > name : 'SYSTEM\CurrentControlSet\Services' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/27 17:22:52.334689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.334807, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.334863, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/27 17:22:52.334917, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.334966, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.335016, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.335063, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.335136, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.335192, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.335247, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.335314, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.335367, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.335414, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.335485, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.335540, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.335592, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.335646, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.335694, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.335744, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.335791, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.335877, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.335933, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.336075, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > result : WERR_OK >[2012/06/27 17:22:52.336314, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/06/27 17:22:52.336591, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.336739, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0xb780c7e0) >[2012/06/27 17:22:52.336799, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.336863, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.336940, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000007 (7) > max_subkeylen : * > max_subkeylen : 0x0000001c (28) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.337530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.339314, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 
........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.339431, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.339524, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001a (26) > size : 0x001e (30) > name : * > name : 'LanmanServer' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.339948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.340484, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.340600, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.340690, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Eventlog' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.341134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.341623, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.341787, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.341879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000c (12) > size : 0x001e (30) > name : * > name : 'Tcpip' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.342331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.342926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.343040, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.343134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Netlogon' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.343584, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.344090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.344204, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.344293, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0010 (16) > size : 0x001e (30) > name : * > name : 'Spooler' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.344710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.345275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.345424, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.345521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001e (30) > size : 0x001e (30) > name : * > name : 'RemoteRegistry' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.346200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/06/27 17:22:52.346667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.346800, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.346891, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000a (10) > size : 0x001e (30) > name : * > name : 'WINS' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.349727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0054 (84) > name_size : 0x0054 (84) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/27 17:22:52.350540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.350672, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' >[2012/06/27 17:22:52.350759, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.350822, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.350879, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.350928, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.350981, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.351028, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.351106, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.351163, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.351219, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.351268, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.351318, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.351366, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.351438, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.351496, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.351548, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.351607, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.351675, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.351729, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.351778, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.351865, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.351923, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2012/06/27 17:22:52.351975, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.352031, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.352096, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.352151, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.352199, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.352279, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.352339, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.352448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.352767, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.353233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.353361, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] >[2012/06/27 17:22:52.353416, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0xb780c7e0) >[2012/06/27 17:22:52.353468, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.353540, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/27 17:22:52.353599, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/27 17:22:52.353653, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.353762, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/27 17:22:52.353837, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 28 >[2012/06/27 17:22:52.353893, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 84 >[2012/06/27 17:22:52.353946, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 106 >[2012/06/27 17:22:52.353998, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.354118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 
(16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.354587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.354698, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] >[2012/06/27 17:22:52.354755, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.354875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.355321, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.355429, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] >[2012/06/27 17:22:52.355484, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.355637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/06/27 17:22:52.356521, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.356667, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] >[2012/06/27 17:22:52.356727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.356857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(28) > [0] : 0x50 (80) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x53 (83) > [13] : 0x00 (0) > [14] : 0x70 (112) > [15] : 0x00 (0) > [16] : 0x6f (111) > [17] : 0x00 (0) > [18] : 0x6f (111) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > size : 0x0000001c (28) >[2012/06/27 17:22:52.357894, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.358005, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] >[2012/06/27 17:22:52.358095, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.358237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(84) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x74 (116) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x63 (99) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x6e (110) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x72 (114) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x66 (102) > [23] : 0x00 (0) > [24] : 0x79 (121) > [25] : 0x00 (0) > [26] : 0x2f (47) > [27] : 0x00 (0) > [28] : 0x73 (115) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x6d (109) > [33] : 0x00 (0) > [34] : 0x62 (98) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x2f (47) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x62 (98) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x61 (97) > [51] : 0x00 (0) > [52] : 0x6d (109) > [53] : 0x00 (0) > [54] : 0x62 (98) > [55] : 0x00 (0) > [56] : 0x61 (97) > [57] : 0x00 (0) > [58] : 0x2f (47) > [59] : 0x00 (0) > [60] : 0x73 (115) > [61] : 0x00 (0) > [62] : 0x76 (118) > [63] : 0x00 (0) > [64] : 
0x63 (99) > [65] : 0x00 (0) > [66] : 0x63 (99) > [67] : 0x00 (0) > [68] : 0x74 (116) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x2f (47) > [73] : 0x00 (0) > [74] : 0x73 (115) > [75] : 0x00 (0) > [76] : 0x6d (109) > [77] : 0x00 (0) > [78] : 0x62 (98) > [79] : 0x00 (0) > [80] : 0x64 (100) > [81] : 0x00 (0) > [82] : 0x00 (0) > [83] : 0x00 (0) > size : 0x00000054 (84) >[2012/06/27 17:22:52.360530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.360642, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] >[2012/06/27 17:22:52.360698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.360819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(106) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > 
[32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x66 (102) > [35] : 0x00 (0) > [36] : 0x6f (111) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x20 (32) > [41] : 0x00 (0) > [42] : 0x73 (115) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x6f (111) > [47] : 0x00 (0) > [48] : 0x6f (111) > [49] : 0x00 (0) > [50] : 0x6c (108) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x6e (110) > [55] : 0x00 (0) > [56] : 0x67 (103) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x66 (102) > [61] : 0x00 (0) > [62] : 0x69 (105) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x65 (101) > [67] : 0x00 (0) > [68] : 0x73 (115) > [69] : 0x00 (0) > [70] : 0x20 (32) > [71] : 0x00 (0) > [72] : 0x74 (116) > [73] : 0x00 (0) > [74] : 0x6f (111) > [75] : 0x00 (0) > [76] : 0x20 (32) > [77] : 0x00 (0) > [78] : 0x70 (112) > [79] : 0x00 (0) > [80] : 0x72 (114) > [81] : 0x00 (0) > [82] : 0x69 (105) > [83] : 0x00 (0) > [84] : 0x6e (110) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x64 (100) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x76 (118) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x73 (115) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > size : 0x0000006a (106) >[2012/06/27 17:22:52.363746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.363857, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] >[2012/06/27 17:22:52.363913, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.364044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.364220, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.364351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.364467, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.364532, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.364585, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.364795, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0066 (102) > name_size : 0x0066 (102) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/27 17:22:52.365529, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.365639, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' >[2012/06/27 17:22:52.365734, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.365793, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.365848, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.365896, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.365946, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.365993, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.366066, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.366123, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.366178, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.366227, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.366307, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.366359, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.366432, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.366489, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.366541, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.366596, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.366644, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.366694, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.366741, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.366825, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.366880, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2012/06/27 17:22:52.366933, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.366988, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.367036, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.367087, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.367134, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/06/27 17:22:52.367202, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.367276, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/27 17:22:52.367331, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.367387, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/27 17:22:52.367435, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/27 17:22:52.367486, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.367533, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/27 17:22:52.367597, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/27 17:22:52.367650, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.367702, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.367806, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.368076, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) 
> [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/06/27 17:22:52.371092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.371213, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] >[2012/06/27 17:22:52.371267, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0xb780c7e0) >[2012/06/27 17:22:52.371327, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/06/27 17:22:52.371414, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/27 17:22:52.371493, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.371612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.371794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.371903, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.372006, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.372055, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.372106, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.372314, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/27 17:22:52.373056, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.373167, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' >[2012/06/27 17:22:52.373230, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.373299, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.373357, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.373405, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.373455, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.373501, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.373570, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.373627, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.373754, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.373808, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.373859, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.373907, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.373981, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.374038, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.374105, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.374176, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.374225, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.374275, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.374322, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.374407, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.374464, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2012/06/27 17:22:52.374516, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.374571, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.374619, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.374669, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.374716, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.374796, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.374852, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.374957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.375229, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.375672, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.376473, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] >[2012/06/27 17:22:52.376532, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0xb780c7e0) >[2012/06/27 17:22:52.376584, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.376653, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/27 17:22:52.376709, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/27 17:22:52.376761, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.376813, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/27 17:22:52.376864, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/27 17:22:52.376920, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 84 >[2012/06/27 17:22:52.376973, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 164 >[2012/06/27 17:22:52.377046, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.377169, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 
(16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.377610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.377757, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] >[2012/06/27 17:22:52.377815, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.377944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.378395, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.378504, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] >[2012/06/27 17:22:52.378559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.378677, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/06/27 17:22:52.379580, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.379690, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] >[2012/06/27 17:22:52.379745, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.379869, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(20) > [0] : 0x4e (78) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x20 (32) > [7] : 0x00 (0) > [8] : 0x4c (76) > [9] : 0x00 (0) > [10] : 0x6f (111) > [11] : 0x00 (0) > [12] : 0x67 (103) > [13] : 0x00 (0) > [14] : 0x6f (111) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : 0x00000014 (20) >[2012/06/27 17:22:52.380689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.380799, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] >[2012/06/27 17:22:52.380854, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.380995, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(84) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x74 (116) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x63 (99) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x6e (110) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x72 (114) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x66 (102) > [23] : 0x00 (0) > [24] : 0x79 (121) > [25] : 0x00 (0) > [26] : 0x2f (47) > [27] : 0x00 (0) > [28] : 0x73 (115) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x6d (109) > [33] : 0x00 (0) > [34] : 0x62 (98) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x2f (47) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x62 (98) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x61 (97) > [51] : 0x00 (0) > [52] : 0x6d (109) > [53] : 0x00 (0) > [54] : 0x62 (98) > [55] : 0x00 (0) > [56] : 0x61 (97) > [57] : 0x00 (0) > [58] : 0x2f (47) > [59] : 0x00 (0) > [60] : 0x73 (115) > [61] : 0x00 (0) > [62] : 0x76 (118) > [63] : 0x00 (0) > [64] : 
0x63 (99) > [65] : 0x00 (0) > [66] : 0x63 (99) > [67] : 0x00 (0) > [68] : 0x74 (116) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x2f (47) > [73] : 0x00 (0) > [74] : 0x73 (115) > [75] : 0x00 (0) > [76] : 0x6d (109) > [77] : 0x00 (0) > [78] : 0x62 (98) > [79] : 0x00 (0) > [80] : 0x64 (100) > [81] : 0x00 (0) > [82] : 0x00 (0) > [83] : 0x00 (0) > size : 0x00000054 (84) >[2012/06/27 17:22:52.383200, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.383329, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] >[2012/06/27 17:22:52.383387, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.383511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(164) > [0] : 0x46 (70) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6c (108) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x73 (115) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x76 (118) > [17] : 0x00 (0) > [18] : 0x69 (105) > [19] : 0x00 (0) > [20] : 0x63 (99) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x20 (32) > [25] : 0x00 (0) > [26] : 0x70 (112) > [27] : 0x00 (0) > [28] : 0x72 (114) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > 
[32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x69 (105) > [35] : 0x00 (0) > [36] : 0x64 (100) > [37] : 0x00 (0) > [38] : 0x69 (105) > [39] : 0x00 (0) > [40] : 0x6e (110) > [41] : 0x00 (0) > [42] : 0x67 (103) > [43] : 0x00 (0) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x61 (97) > [47] : 0x00 (0) > [48] : 0x63 (99) > [49] : 0x00 (0) > [50] : 0x63 (99) > [51] : 0x00 (0) > [52] : 0x65 (101) > [53] : 0x00 (0) > [54] : 0x73 (115) > [55] : 0x00 (0) > [56] : 0x73 (115) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x74 (116) > [61] : 0x00 (0) > [62] : 0x6f (111) > [63] : 0x00 (0) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x70 (112) > [67] : 0x00 (0) > [68] : 0x6f (111) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x69 (105) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x79 (121) > [77] : 0x00 (0) > [78] : 0x20 (32) > [79] : 0x00 (0) > [80] : 0x61 (97) > [81] : 0x00 (0) > [82] : 0x6e (110) > [83] : 0x00 (0) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x70 (112) > [89] : 0x00 (0) > [90] : 0x72 (114) > [91] : 0x00 (0) > [92] : 0x6f (111) > [93] : 0x00 (0) > [94] : 0x66 (102) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6c (108) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x64 (100) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x74 (116) > [109] : 0x00 (0) > [110] : 0x61 (97) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x28 (40) > [115] : 0x00 (0) > [116] : 0x6e (110) > [117] : 0x00 (0) > [118] : 0x6f (111) > [119] : 0x00 (0) > [120] : 0x74 (116) > [121] : 0x00 (0) > [122] : 0x72 (114) > [123] : 0x00 (0) > [124] : 0x65 (101) > [125] : 0x00 (0) > [126] : 0x6d (109) > [127] : 0x00 (0) > [128] : 0x6f (111) > [129] : 0x00 (0) > [130] : 0x74 (116) > [131] : 0x00 (0) > [132] : 0x65 (101) > [133] : 0x00 (0) > [134] : 0x6c (108) > [135] : 0x00 (0) > 
[136] : 0x79 (121) > [137] : 0x00 (0) > [138] : 0x20 (32) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x61 (97) > [143] : 0x00 (0) > [144] : 0x6e (110) > [145] : 0x00 (0) > [146] : 0x61 (97) > [147] : 0x00 (0) > [148] : 0x67 (103) > [149] : 0x00 (0) > [150] : 0x65 (101) > [151] : 0x00 (0) > [152] : 0x61 (97) > [153] : 0x00 (0) > [154] : 0x62 (98) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x65 (101) > [159] : 0x00 (0) > [160] : 0x29 (41) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > size : 0x000000a4 (164) >[2012/06/27 17:22:52.387466, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.387578, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] >[2012/06/27 17:22:52.387634, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.387766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.387940, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.388047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.388151, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.388201, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.388252, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.388478, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0068 (104) > name_size : 0x0068 (104) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/27 17:22:52.389250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.389427, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' >[2012/06/27 17:22:52.389488, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.389542, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.389623, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.389706, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.389770, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.389818, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.389892, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.389950, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.390005, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.390053, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.390104, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.390151, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.390221, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.390291, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.390345, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.390400, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.390448, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.390499, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.390555, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.390640, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.390697, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2012/06/27 17:22:52.390750, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.390805, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.390854, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.390905, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.390952, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/06/27 17:22:52.391023, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.391078, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/27 17:22:52.391130, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.391185, 
10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/27 17:22:52.391234, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/27 17:22:52.391285, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.391340, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/27 17:22:52.391404, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/27 17:22:52.391458, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.391511, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.391615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.391873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) 
> [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/06/27 17:22:52.394852, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.394962, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] >[2012/06/27 17:22:52.395016, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0xb780c7e0) >[2012/06/27 17:22:52.395068, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/06/27 17:22:52.395137, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/27 17:22:52.395191, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.395316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.395487, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.395594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.395714, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.395771, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.395823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.396032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0062 (98) > name_size : 0x0062 (98) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/27 17:22:52.396781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.396892, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' >[2012/06/27 17:22:52.396947, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.397000, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.397063, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.397111, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.397161, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.397208, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.397278, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.397335, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.397390, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.397438, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.397489, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.397557, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.397632, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.397726, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.397785, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.397840, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.397895, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.397947, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.397994, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.398078, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.398134, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2012/06/27 17:22:52.398186, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.398241, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.398289, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.398339, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.398386, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.398455, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.398532, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.398642, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.398902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.399356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.399464, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] >[2012/06/27 17:22:52.399517, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0xb780c7e0) >[2012/06/27 17:22:52.399590, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.399664, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/27 17:22:52.399721, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/27 17:22:52.399773, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.399826, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/27 17:22:52.399878, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 48 >[2012/06/27 17:22:52.399930, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 84 >[2012/06/27 17:22:52.399981, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 126 >[2012/06/27 17:22:52.400032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.400153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: 
ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.400638, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.400748, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] >[2012/06/27 17:22:52.400804, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.400922, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.401355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.401484, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] >[2012/06/27 17:22:52.401544, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.401664, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/06/27 17:22:52.402661, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.402773, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] >[2012/06/27 17:22:52.402829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.402957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(48) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x6f (111) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x20 (32) > [13] : 0x00 (0) > [14] : 0x52 (82) > [15] : 0x00 (0) > [16] : 0x65 (101) > [17] : 0x00 (0) > [18] : 0x67 (103) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x74 (116) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x79 (121) > [29] : 0x00 (0) > [30] : 0x20 (32) > [31] : 0x00 (0) > [32] : 0x53 (83) > [33] : 0x00 (0) > [34] : 0x65 (101) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x76 (118) > [39] : 0x00 (0) > [40] : 0x69 (105) > [41] : 0x00 (0) > [42] : 0x63 (99) > [43] : 0x00 (0) > [44] : 0x65 (101) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > size : 0x00000030 (48) >[2012/06/27 17:22:52.404398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.404526, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] >[2012/06/27 17:22:52.404584, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.404708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(84) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x74 (116) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x63 (99) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x6e (110) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x72 (114) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x66 (102) > [23] : 0x00 (0) > [24] : 0x79 (121) > [25] : 0x00 (0) > [26] : 0x2f (47) > [27] : 0x00 (0) > [28] : 0x73 (115) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x6d (109) > [33] : 0x00 (0) > [34] : 0x62 (98) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x2f (47) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x62 (98) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x61 (97) > [51] : 0x00 (0) > [52] : 0x6d (109) > [53] : 0x00 (0) > [54] : 0x62 (98) > [55] : 0x00 (0) > [56] : 0x61 (97) > [57] : 0x00 (0) > [58] : 0x2f (47) > [59] : 0x00 (0) > [60] : 0x73 (115) > [61] : 0x00 (0) > [62] : 0x76 (118) > [63] : 0x00 (0) > 
[64] : 0x63 (99) > [65] : 0x00 (0) > [66] : 0x63 (99) > [67] : 0x00 (0) > [68] : 0x74 (116) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x2f (47) > [73] : 0x00 (0) > [74] : 0x73 (115) > [75] : 0x00 (0) > [76] : 0x6d (109) > [77] : 0x00 (0) > [78] : 0x62 (98) > [79] : 0x00 (0) > [80] : 0x64 (100) > [81] : 0x00 (0) > [82] : 0x00 (0) > [83] : 0x00 (0) > size : 0x00000054 (84) >[2012/06/27 17:22:52.407005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.407119, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] >[2012/06/27 17:22:52.407177, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.407317, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(126) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 
0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x72 (114) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x6d (109) > [59] : 0x00 (0) > [60] : 0x6f (111) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x65 (101) > [65] : 0x00 (0) > [66] : 0x20 (32) > [67] : 0x00 (0) > [68] : 0x61 (97) > [69] : 0x00 (0) > [70] : 0x63 (99) > [71] : 0x00 (0) > [72] : 0x63 (99) > [73] : 0x00 (0) > [74] : 0x65 (101) > [75] : 0x00 (0) > [76] : 0x73 (115) > [77] : 0x00 (0) > [78] : 0x73 (115) > [79] : 0x00 (0) > [80] : 0x20 (32) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x6f (111) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x74 (116) > [89] : 0x00 (0) > [90] : 0x68 (104) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x20 (32) > [95] : 0x00 (0) > [96] : 0x53 (83) > [97] : 0x00 (0) > [98] : 0x61 (97) > [99] : 0x00 (0) > [100] : 0x6d (109) > [101] : 0x00 (0) > [102] : 0x62 (98) > [103] : 0x00 (0) > [104] : 0x61 (97) > [105] : 0x00 (0) > [106] : 0x20 (32) > [107] : 0x00 (0) > [108] : 0x72 (114) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x67 (103) > [113] : 0x00 (0) > [114] : 0x69 (105) > [115] : 0x00 (0) > [116] : 0x73 (115) > [117] : 0x00 (0) > [118] : 0x74 (116) > [119] : 0x00 (0) > [120] : 0x72 (114) > [121] : 0x00 (0) > [122] : 0x79 (121) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > size : 0x0000007e (126) >[2012/06/27 17:22:52.410519, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 
........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.410653, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] >[2012/06/27 17:22:52.410711, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.410836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.411003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.411111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.411238, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.411295, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.411348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.411563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0074 (116) > name_size : 0x0074 (116) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/27 17:22:52.412328, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.412469, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' >[2012/06/27 17:22:52.412526, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.412580, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.412635, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.412683, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.412733, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.412780, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.412856, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.412913, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.412969, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.413017, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.413068, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.413115, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.413199, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.413282, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 
17:22:52.413340, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.413396, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.413445, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.413495, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.413543, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.413627, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.413720, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2012/06/27 17:22:52.413783, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.413840, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.413888, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.413939, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.413987, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/06/27 17:22:52.414057, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.414111, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/27 17:22:52.414187, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing 
refcount (4->5) >[2012/06/27 17:22:52.414270, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/27 17:22:52.414322, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/27 17:22:52.414374, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.414421, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/27 17:22:52.414491, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/27 17:22:52.414546, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.414599, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.414704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.414966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > size : 0x00000078 (120) >[2012/06/27 17:22:52.418764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.418883, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] >[2012/06/27 17:22:52.418938, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0xb780c7e0) >[2012/06/27 17:22:52.418991, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/06/27 17:22:52.419087, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/27 17:22:52.419185, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.419311, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.419479, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.419612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.419720, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.419770, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.419821, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.420133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x004e (78) > name_size : 0x004e (78) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/06/27 17:22:52.420956, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.421070, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' >[2012/06/27 17:22:52.421125, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.421179, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.421233, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.421282, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.421333, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.421380, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.421453, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.421509, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.421564, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.421613, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.421664, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.421758, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.421833, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.421897, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.421952, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.422007, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.422056, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.422106, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.422153, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.422237, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.422292, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2012/06/27 17:22:52.422351, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.422408, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.422456, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.422506, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.422553, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.422622, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.422678, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.422785, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.423038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.423495, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.423603, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] >[2012/06/27 17:22:52.423664, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0xb780c7e0) >[2012/06/27 17:22:52.423717, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.423787, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Start], len: 4 >[2012/06/27 17:22:52.423844, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Type], len: 4 >[2012/06/27 17:22:52.423897, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.423949, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ObjectName], len: 24 >[2012/06/27 17:22:52.424002, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 74 >[2012/06/27 17:22:52.424054, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ImagePath], len: 84 >[2012/06/27 17:22:52.424106, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Description], len: 178 >[2012/06/27 17:22:52.424157, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.424279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] 
: 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.424711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.424817, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] >[2012/06/27 17:22:52.424871, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.424989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/06/27 17:22:52.425455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.425564, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] >[2012/06/27 17:22:52.425620, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.425792, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > size : 0x00000018 (24) >[2012/06/27 17:22:52.426661, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.426785, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] >[2012/06/27 17:22:52.426841, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.426970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(74) > size : 0x0000004a (74) >[2012/06/27 17:22:52.428947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.429061, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] >[2012/06/27 17:22:52.429117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.429264, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(84) > size : 0x00000054 (84) >[2012/06/27 17:22:52.431446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.431559, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] >[2012/06/27 17:22:52.431617, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.431755, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(178) > size : 0x000000b2 (178) >[2012/06/27 17:22:52.435916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.436029, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] >[2012/06/27 17:22:52.436085, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.436241, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.436457, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.436577, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.436682, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.436733, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.436785, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.436998, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0060 (96) > name_size : 0x0060 (96) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/06/27 17:22:52.437752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.437862, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' >[2012/06/27 17:22:52.437925, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.437980, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.438036, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.438084, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.438135, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.438183, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.438258, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.438323, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.438380, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.438427, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.438478, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.438536, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.438628, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.438686, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.438739, 10] 
registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.438794, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.438842, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.438893, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.438940, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.439022, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.439078, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2012/06/27 17:22:52.439129, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.439209, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.439258, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.439309, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.439379, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/06/27 17:22:52.439458, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.439513, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/06/27 17:22:52.439565, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/06/27 17:22:52.439620, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/27 17:22:52.439669, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/27 17:22:52.439719, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.439765, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/27 17:22:52.439827, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/27 17:22:52.439880, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/06/27 17:22:52.439932, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.440042, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-ea4f-ecd00e180000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/06/27 17:22:52.440303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-ea4f-ecd00e180000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) 
> size : 0x00000078 (120) >[2012/06/27 17:22:52.443277, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.443392, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] >[2012/06/27 17:22:52.443446, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0xb780c7e0) >[2012/06/27 17:22:52.443499, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/06/27 17:22:52.443569, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Security], len: 120 >[2012/06/27 17:22:52.443624, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/06/27 17:22:52.443739, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.443905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.444011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.444114, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.444163, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.444212, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.444411, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.444605, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.444716, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.444821, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.444884, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/27 17:22:52.444947, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.445151, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/06/27 17:22:52.445257, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) > Initialise the eventlog registry keys if needed. 
>[2012/06/27 17:22:52.445331, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/06/27 17:22:52.445413, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg >[2012/06/27 17:22:52.445479, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/06/27 17:22:52.445546, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/27 17:22:52.445868, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/06/27 17:22:52.445932, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/06/27 17:22:52.445986, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/06/27 17:22:52.446034, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/06/27 17:22:52.446084, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.446130, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM] >[2012/06/27 17:22:52.446206, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.446318, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-ea4f-ecd00e180000 > result : WERR_OK >[2012/06/27 17:22:52.446643, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-ea4f-ecd00e180000 > keyname: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Eventlog' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/06/27 17:22:52.447207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.447316, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/06/27 17:22:52.447390, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/27 17:22:52.447448, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/06/27 17:22:52.447497, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/06/27 17:22:52.447547, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.447594, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] >[2012/06/27 17:22:52.447671, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/06/27 17:22:52.447730, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.447785, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.447833, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.447883, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.447931, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/06/27 17:22:52.448007, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.448063, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/06/27 17:22:52.448114, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.448169, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.448217, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.448274, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.448334, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/06/27 17:22:52.448447, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.448507, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Eventlog] >[2012/06/27 17:22:52.448560, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.448616, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.448701, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.448762, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.448811, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.448894, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.448951, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.449057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-ea4f-ecd00e180000 > result : WERR_OK >[2012/06/27 17:22:52.449283, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-ea4f-ecd00e180000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/06/27 17:22:52.449584, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.449762, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0xb780c7e0) >[2012/06/27 17:22:52.449822, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.449896, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/27 17:22:52.449953, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.450006, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.450081, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > 
num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000002 (2) > max_valnamelen : * > max_valnamelen : 0x0000001a (26) > max_valbufsize : * > max_valbufsize : 0x00000014 (20) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/06/27 17:22:52.450642, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-ea4f-ecd00e180000 >[2012/06/27 17:22:52.450821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... >[2012/06/27 17:22:52.450929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. > [0010] 0E 18 00 00 .... 
>[2012/06/27 17:22:52.451033, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/06/27 17:22:52.451083, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/27 17:22:52.451133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/06/27 17:22:52.451404, 3] printing/pcap.c:138(pcap_cache_reload) > reloading printcap cache >[2012/06/27 17:22:52.451484, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/06/27 17:22:52.451555, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb792f370 >[2012/06/27 17:22:52.451700, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/06/27 17:22:52.451821, 5] printing/print_cups.c:408(cups_pcap_load_async) > cups_pcap_load_async: asynchronously loading cups printers >[2012/06/27 17:22:52.452111, 10] printing/print_cups.c:425(cups_pcap_load_async) > cups_pcap_load_async: child pid = 6162 >[2012/06/27 17:22:52.452228, 10] printing/print_cups.c:545(cups_cache_reload) > cups_cache_reload: async read on fd 28 >[2012/06/27 17:22:52.452313, 3] printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2012/06/27 17:22:52.452405, 3] printing/printing.c:1644(start_background_queue) > start_background_queue: Starting background LPQ thread >[2012/06/27 17:22:52.452882, 3] ../lib/util/util_net.c:70(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] >[2012/06/27 17:22:52.453009, 3] ../lib/util/util_net.c:70(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] >[2012/06/27 17:22:52.453149, 10] 
lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2012/06/27 17:22:52.453228, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:22:52.453663, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:22:52.454133, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2012/06/27 17:22:52.454202, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:22:52.454609, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:22:52.455006, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0E180000FFFFFFFF >[2012/06/27 17:22:52.455068, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb792fac8 
>[2012/06/27 17:22:52.455142, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0E180000FFFFFFFF >[2012/06/27 17:22:52.455214, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(parent_housekeeping) 0xb792d4d8 >[2012/06/27 17:22:52.455279, 5] lib/messages.c:300(messaging_register) > Overriding messaging pointer for type 1 - private_data=(nil) >[2012/06/27 17:22:52.455418, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/06/27 17:22:52.455500, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/06/27 17:22:52.455568, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/06/27 17:22:52.455678, 2] smbd/server.c:839(smbd_parent_loop) > waiting for connections >[2012/06/27 17:22:52.455861, 5] printing/printing.c:1667(start_background_queue) > start_background_queue: background LPQ thread started >[2012/06/27 17:22:52.456186, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 13180000FFFFFFFF >[2012/06/27 17:22:52.456265, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb792fa90 >[2012/06/27 17:22:52.456335, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 13180000FFFFFFFF >[2012/06/27 17:22:52.456405, 5] printing/printing.c:1703(start_background_queue) > start_background_queue: background LPQ thread waiting for messages >[2012/06/27 17:22:52.456757, 5] printing/print_cups.c:277(cups_cache_reload_async) > reloading cups printcap cache >[2012/06/27 17:22:52.457491, 10] printing/print_cups.c:89(cups_connect) > connecting to cups server /var/run/cups/cups.sock:631 >[2012/06/27 17:22:52.462012, 5] printing/print_cups.c:471(cups_async_callback) > cups_async_callback: callback received for printer data. 
fd = 28 >[2012/06/27 17:22:52.462134, 10] printing/print_cups.c:155(recv_pcap_blob) > successfully recvd blob of len 12 >[2012/06/27 17:22:52.462237, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/06/27 17:22:52.462329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7929448 >[2012/06/27 17:22:52.462396, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/06/27 17:22:52.462494, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:22:52.462564, 10] smbd/server_reload.c:49(reload_printers) > reloading printer services from pcap cache >[2012/06/27 17:22:52.462658, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:22:52.462729, 10] registry/reg_init_smbconf.c:41(registry_init_smbconf) > registry_init_smbconf called >[2012/06/27 17:22:52.462829, 10] registry/reg_backend_db.c:526(regdb_init) > regdb_init: registry db openend. 
refcount reset (1) >[2012/06/27 17:22:52.463174, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2012/06/27 17:22:52.463281, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [Samba Printer Port], len: 2 >[2012/06/27 17:22:52.463356, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/06/27 17:22:52.463433, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DefaultSpoolDirectory], len: 70 >[2012/06/27 17:22:52.463489, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.463583, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/27 17:22:52.463644, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.463698, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/06/27 17:22:52.463770, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [DisplayName], len: 20 >[2012/06/27 17:22:52.463828, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) > specific: [ErrorControl], len: 4 >[2012/06/27 17:22:52.463895, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2012/06/27 17:22:52.463949, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/06/27 17:22:52.464023, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree >[2012/06/27 17:22:52.464083, 8] 
lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/06/27 17:22:52.464132, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/06/27 17:22:52.464195, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.464249, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.464299, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/06/27 17:22:52.464348, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:22:52.464396, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:22:52.464528, 4] smbd/sec_ctx.c:426(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:22:52.464590, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. 
refcount reset (1) >[2012/06/27 17:22:52.464643, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/06/27 17:22:52.464695, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/06/27 17:22:52.464749, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/06/27 17:22:52.464799, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/06/27 17:22:52.464850, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.464898, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM] >[2012/06/27 17:22:52.465001, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/06/27 17:22:52.465062, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/27 17:22:52.465117, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/06/27 17:22:52.465166, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/06/27 17:22:52.465217, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.465271, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SOFTWARE] >[2012/06/27 17:22:52.465368, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Samba] >[2012/06/27 17:22:52.465435, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.465491, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba] >[2012/06/27 17:22:52.465540, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba] >[2012/06/27 17:22:52.465591, 10] 
lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.465639, 10] registry/reg_cachehook.c:127(reghook_cache_find) >[2012/06/27 17:22:52.465722, 10] printing/print_cups.c:130(send_pcap_blob) > successfully sent blob of len 12 > reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SOFTWARE\Samba] >[2012/06/27 17:22:52.466090, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.466154, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [smbconf] >[2012/06/27 17:22:52.466206, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/06/27 17:22:52.466260, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf] >[2012/06/27 17:22:52.466308, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf] >[2012/06/27 17:22:52.466358, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.466405, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2012/06/27 17:22:52.466476, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/06/27 17:22:52.466530, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/27 17:22:52.466581, 5] param/loadparm.c:7293(process_registry_service) > process_registry_service: service name printers >[2012/06/27 17:22:52.466633, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2012/06/27 17:22:52.466683, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/27 17:22:52.466736, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] 
>[2012/06/27 17:22:52.466783, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/06/27 17:22:52.466835, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:22:52.466903, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/06/27 17:22:52.466974, 10] registry/reg_backend_db.c:1618(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/06/27 17:22:52.467028, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/27 17:22:52.467085, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:22:52.467139, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:22:52.467222, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 12180000FFFFFFFF >[2012/06/27 17:22:52.467286, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7931b98 >[2012/06/27 17:22:52.467343, 1] lib/serverid.c:197(serverid_deregister) > Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND >[2012/06/27 17:22:52.467426, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 12180000FFFFFFFF >[2012/06/27 17:22:52.467498, 1] smbd/server.c:309(remove_child_pid) > Could not remove pid 6162 from serverid.tdb >[2012/06/27 17:22:52.467550, 1] smbd/server.c:323(remove_child_pid) > Could not find child 6162 -- ignoring >[2012/06/27 17:23:19.720555, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key AF190000FFFFFFFF >[2012/06/27 17:23:19.720701, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7926430 >[2012/06/27 17:23:19.720798, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key AF190000FFFFFFFF >[2012/06/27 17:23:19.720889, 5] lib/util_sock.c:165(print_socket_options) > Socket options: 
> SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 170840 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:23:19.721219, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 170840 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:23:19.721732, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:23:19.721856, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) >[2012/06/27 17:23:19.721901, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:127.0.0.1:52269 to ipv4:127.0.0.1:445 >[2012/06/27 17:23:19.721985, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. 
>[2012/06/27 17:23:19.722081, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2012/06/27 17:23:19.722136, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2012/06/27 17:23:19.722195, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0xb7931b80 >[2012/06/27 17:23:19.722246, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0xb792da48 >[2012/06/27 17:23:19.722296, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0xb792b9a0 >[2012/06/27 17:23:19.722681, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 190 >[2012/06/27 17:23:19.722786, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbe >[2012/06/27 17:23:19.722843, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 194 (0 toread) >[2012/06/27 17:23:19.722888, 5] lib/util.c:332(show_msg) >[2012/06/27 17:23:19.722916, 5] lib/util.c:342(show_msg) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6574 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 >[2012/06/27 17:23:19.723121, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. 
> [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2012/06/27 17:23:19.723546, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 6575) conn 0x0 >[2012/06/27 17:23:19.723613, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:23:19.723681, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:23:19.723743, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:23:19.723820, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:23:19.723913, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2012/06/27 17:23:19.723969, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2012/06/27 17:23:19.724015, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2012/06/27 17:23:19.724060, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2012/06/27 17:23:19.724105, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2012/06/27 17:23:19.724154, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2012/06/27 17:23:19.724202, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2012/06/27 17:23:19.724247, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Samba] >[2012/06/27 17:23:19.724292, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2012/06/27 17:23:19.724337, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2012/06/27 17:23:19.724386, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2012/06/27 17:23:19.724446, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: 
Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:23:19.724545, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key AF190000FFFFFFFF >[2012/06/27 17:23:19.724595, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb79372e0 >[2012/06/27 17:23:19.724666, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key AF190000FFFFFFFF >[2012/06/27 17:23:19.724740, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:23:19.724935, 10] lib/util.c:2242(name_to_fqdn) > name_to_fqdn: lookup for UBS1204V3 -> ubs1204v3. >[2012/06/27 17:23:19.725024, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2012/06/27 17:23:19.725072, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LANMAN 1.0 >[2012/06/27 17:23:19.725115, 5] smbd/negprot.c:711(reply_negprot) > negprot index=8 >[2012/06/27 17:23:19.725159, 5] lib/util.c:332(show_msg) >[2012/06/27 17:23:19.725187, 5] lib/util.c:342(show_msg) > size=169 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6574 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=44800 (0xAF00) > smb_vwv[ 8]= 25 (0x19) > smb_vwv[ 9]=64512 (0xFC00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=50560 (0xC580) > smb_vwv[12]=47031 (0xB7B7) > smb_vwv[13]=18045 (0x467D) > smb_vwv[14]=52564 (0xCD54) > smb_vwv[15]= 8193 (0x2001) > smb_vwv[16]= 254 (0xFE) > smb_bcc=100 >[2012/06/27 17:23:19.725756, 10] ../lib/util/util.c:415(dump_data) > [0000] 75 62 73 31 32 30 34 76 33 00 00 00 00 00 00 00 ubs1204v 3....... > [0010] 60 52 06 06 2B 06 01 05 05 02 A0 48 30 46 A0 24 `R..+... ...H0F.$ > [0020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. 
.......* > [0030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... > [0040] 37 02 02 0A A3 1E 30 1C A0 1A 1B 18 63 69 66 73 7.....0. ....cifs > [0050] 2F 75 62 73 31 32 30 34 76 33 40 41 53 4D 42 2E /ubs1204 v3@ASMB. > [0060] 54 45 53 54 TEST >[2012/06/27 17:23:19.774389, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 16644 >[2012/06/27 17:23:19.774541, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4104 >[2012/06/27 17:23:19.774604, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 16648 (0 toread) >[2012/06/27 17:23:19.774651, 5] lib/util.c:332(show_msg) >[2012/06/27 17:23:19.774679, 5] lib/util.c:342(show_msg) > size=16644 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51205 > smb_tid=65535 > smb_pid=6574 > smb_uid=0 > smb_mid=2 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=16563 (0x40B3) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=53340 (0xD05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=16585 >[2012/06/27 17:23:19.775068, 10] ../lib/util/util.c:415(dump_data)
>[2012/06/27 17:23:19.776403, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 6575) conn 0x0 >[2012/06/27 17:23:19.776458, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:23:19.776504, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:23:19.776547, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:23:19.776617, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:23:19.776684, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc805 >[2012/06/27 17:23:19.776756, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2012/06/27 17:23:19.776829, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2012/06/27 17:23:19.776882, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2012/06/27 17:23:19.776943, 10] smbd/sesssetup.c:1003(check_spnego_blob_complete) > check_spnego_blob_complete: needed_len = 48996, pblob->length = 16563 >[2012/06/27 17:23:19.777003, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/sesssetup.c(1174) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED >[2012/06/27 17:23:19.777057, 5] lib/util.c:332(show_msg) >[2012/06/27 17:23:19.777300, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=6574 > smb_uid=0 > smb_mid=2 > smt_wct=0 > smb_bcc=0 >[2012/06/27 17:23:19.777538, 10] ../lib/util/util.c:415(dump_data) >[2012/06/27 17:23:19.780428, 5] lib/util_sock.c:319(read_fd_with_timeout) > read_fd_with_timeout: blocking read. EOF from client. 
>[2012/06/27 17:23:19.780579, 5] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. >[2012/06/27 17:23:19.780661, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:23:19.780709, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:23:19.780753, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:23:19.780830, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:23:19.780969, 3] smbd/server_exit.c:180(exit_server_common) > Server exit (failed to receive smb request) >[2012/06/27 17:23:19.798014, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key AF190000FFFFFFFF >[2012/06/27 17:23:19.798125, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb792df80 >[2012/06/27 17:23:19.798188, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key AF190000FFFFFFFF >[2012/06/27 17:23:52.488076, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb792d4d8 >[2012/06/27 17:23:52.488253, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:23:52.488312, 5] smbd/server.c:624(smbd_parent_housekeeping) > parent housekeeping >[2012/06/27 17:23:52.488360, 3] smbd/server.c:629(smbd_parent_housekeeping) > Printcap cache time expired. 
>[2012/06/27 17:23:52.488412, 3] printing/pcap.c:138(pcap_cache_reload) > reloading printcap cache >[2012/06/27 17:23:52.488494, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/06/27 17:23:52.488575, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7929448 >[2012/06/27 17:23:52.488655, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/06/27 17:23:52.488726, 5] printing/print_cups.c:408(cups_pcap_load_async) > cups_pcap_load_async: asynchronously loading cups printers >[2012/06/27 17:23:52.489115, 10] printing/print_cups.c:425(cups_pcap_load_async) > cups_pcap_load_async: child pid = 6587 >[2012/06/27 17:23:52.489266, 10] printing/print_cups.c:545(cups_cache_reload) > cups_cache_reload: async read on fd 28 >[2012/06/27 17:23:52.489322, 3] printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2012/06/27 17:23:52.489381, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/06/27 17:23:52.489795, 5] printing/print_cups.c:277(cups_cache_reload_async) > reloading cups printcap cache >[2012/06/27 17:23:52.490916, 10] printing/print_cups.c:89(cups_connect) > connecting to cups server /var/run/cups/cups.sock:631 >[2012/06/27 17:23:52.495474, 5] printing/print_cups.c:471(cups_async_callback) > cups_async_callback: callback received for printer data. 
fd = 28 >[2012/06/27 17:23:52.495565, 10] printing/print_cups.c:155(recv_pcap_blob) > successfully recvd blob of len 12 >[2012/06/27 17:23:52.495639, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/06/27 17:23:52.495701, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7921f60 >[2012/06/27 17:23:52.495757, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/06/27 17:23:52.495888, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/06/27 17:23:52.495946, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > src: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > buf : DATA_BLOB length=0 >[2012/06/27 17:23:52.496430, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/06/27 17:23:52.496493, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x000017fe (6142) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > buf : DATA_BLOB length=0 >[2012/06/27 17:23:52.497562, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/06/27 17:23:52.497624, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 
0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x000017f9 (6137) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > buf : DATA_BLOB length=0 >[2012/06/27 17:23:52.500640, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/06/27 17:23:52.500701, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00001813 (6163) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > src: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > buf : DATA_BLOB length=0 >[2012/06/27 17:23:52.501096, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) > messaging_tdb_signal_handler: sig[10] count[1] msgs[1] >[2012/06/27 17:23:52.501177, 10] lib/messages_local.c:466(message_dispatch) > message_dispatch: received_messages = 1 >[2012/06/27 17:23:52.501306, 10] lib/messages_local.c:215(messaging_tdb_fetch) > messaging_tdb_fetch: >[2012/06/27 17:23:52.501366, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00001813 (6163) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > src: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > buf : 
DATA_BLOB length=0 >[2012/06/27 17:23:52.501826, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) > messaging_tdb_signal_handler: sig[10] count[1] msgs[1] >[2012/06/27 17:23:52.501886, 10] lib/messages_local.c:466(message_dispatch) > message_dispatch: received_messages = 1 >[2012/06/27 17:23:52.501946, 10] lib/messages_local.c:215(messaging_tdb_fetch) > messaging_tdb_fetch: >[2012/06/27 17:23:52.501995, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > src: struct server_id > pid : 0x0000180e (6158) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d87c7d33b30f243 (4433732068214633027) > buf : DATA_BLOB length=0 >[2012/06/27 17:23:52.502318, 10] smbd/server.c:130(smb_pcap_updated) > Got message saying pcap was updated. Reloading. 
>[2012/06/27 17:23:52.502367, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:23:52.502412, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:23:52.502456, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:23:52.502534, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:23:52.502600, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:23:52.502672, 10] smbd/server_reload.c:49(reload_printers) > reloading printer services from pcap cache >[2012/06/27 17:23:52.502759, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:23:52.502816, 5] param/loadparm.c:7293(process_registry_service) > process_registry_service: service name printers >[2012/06/27 17:23:52.502863, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2012/06/27 17:23:52.502910, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/06/27 17:23:52.502965, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/06/27 17:23:52.503015, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/06/27 17:23:52.503062, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/06/27 17:23:52.503105, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/06/27 17:23:52.503169, 10] registry/reg_backend_db.c:1618(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/06/27 17:23:52.503218, 10] 
registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/06/27 17:23:52.503287, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:23:52.503348, 7] param/loadparm.c:9843(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/06/27 17:23:52.503425, 10] printing/print_cups.c:130(send_pcap_blob) > successfully sent blob of len 12 >[2012/06/27 17:23:52.503746, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key BB190000FFFFFFFF >[2012/06/27 17:23:52.503816, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb79271a8 >[2012/06/27 17:23:52.503868, 1] lib/serverid.c:197(serverid_deregister) > Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND >[2012/06/27 17:23:52.503917, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key BB190000FFFFFFFF >[2012/06/27 17:23:52.503969, 1] smbd/server.c:309(remove_child_pid) > Could not remove pid 6587 from serverid.tdb >[2012/06/27 17:23:52.504016, 1] smbd/server.c:323(remove_child_pid) > Could not find child 6587 -- ignoring >[2012/06/27 17:24:52.548141, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb7929250 >[2012/06/27 17:24:52.548303, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:24:52.548354, 5] smbd/server.c:624(smbd_parent_housekeeping) > parent housekeeping >[2012/06/27 17:24:52.548397, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/06/27 17:25:52.608548, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb7931420 >[2012/06/27 17:25:52.608694, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:25:52.608745, 5] smbd/server.c:624(smbd_parent_housekeeping) > 
parent housekeeping >[2012/06/27 17:25:52.608788, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/06/27 17:26:52.615046, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb792f370 >[2012/06/27 17:26:52.615189, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:26:52.615239, 5] smbd/server.c:624(smbd_parent_housekeeping) > parent housekeeping >[2012/06/27 17:26:52.615281, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/06/27 17:27:52.626840, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb792d4d8 >[2012/06/27 17:27:52.626995, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:27:52.627048, 5] smbd/server.c:624(smbd_parent_housekeeping) > parent housekeeping >[2012/06/27 17:27:52.627092, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/06/27 17:28:07.902320, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key BD190000FFFFFFFF >[2012/06/27 17:28:07.902474, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7926f28 >[2012/06/27 17:28:07.902566, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key BD190000FFFFFFFF >[2012/06/27 17:28:07.902665, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 170840 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:28:07.902990, 5] 
lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 170840 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:28:07.903456, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:28:07.903571, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) >[2012/06/27 17:28:07.903620, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:127.0.0.1:52271 to ipv4:127.0.0.1:445 >[2012/06/27 17:28:07.903720, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2012/06/27 17:28:07.903828, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2012/06/27 17:28:07.903882, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2012/06/27 17:28:07.903950, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0xb79273c0 >[2012/06/27 17:28:07.904003, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0xb792b2b0 >[2012/06/27 17:28:07.904051, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0xb7921e40 >[2012/06/27 17:28:07.905266, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key BE190000FFFFFFFF >[2012/06/27 17:28:07.905402, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7926f28 >[2012/06/27 17:28:07.905468, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key BE190000FFFFFFFF >[2012/06/27 17:28:07.905545, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > 
SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 170840 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:28:07.905895, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 170840 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/06/27 17:28:07.906294, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:28:07.906421, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) >[2012/06/27 17:28:07.906464, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:127.0.0.1:43074 to ipv4:127.0.0.1:139 >[2012/06/27 17:28:07.906543, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2012/06/27 17:28:07.906631, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2012/06/27 17:28:07.906683, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2012/06/27 17:28:07.906739, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0xb79273c0 >[2012/06/27 17:28:07.906787, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0xb792b2b0 >[2012/06/27 17:28:07.906835, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0xb7921e40 >[2012/06/27 17:28:07.907113, 5] lib/util_sock.c:319(read_fd_with_timeout) > read_fd_with_timeout: blocking read. EOF from client. 
>[2012/06/27 17:28:07.907186, 5] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. >[2012/06/27 17:28:07.907253, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:28:07.907304, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:28:07.907353, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:28:07.907434, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:28:07.907536, 3] smbd/server_exit.c:180(exit_server_common) > Server exit (failed to receive smb request) >[2012/06/27 17:28:07.908599, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key BD190000FFFFFFFF >[2012/06/27 17:28:07.908677, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7921938 >[2012/06/27 17:28:07.908740, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key BD190000FFFFFFFF >[2012/06/27 17:28:07.908832, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 68 >[2012/06/27 17:28:07.908894, 6] smbd/process.c:1660(process_smb) > got message type 0x81 of len 0x44 >[2012/06/27 17:28:07.908939, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 72 (0 toread) >[2012/06/27 17:28:07.908999, 2] smbd/reply.c:553(reply_special) > netbios connect: name1=LOCALHOST 0x20 name2=UBS1204V3 0x0 >[2012/06/27 17:28:07.909089, 2] smbd/reply.c:573(reply_special) > netbios connect: local=localhost remote=ubs1204v3, name type = 0 >[2012/06/27 17:28:07.909152, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:28:07.909254, 5] smbd/reply.c:614(reply_special) > init msg_type=0x81 msg_flags=0x0 
>[2012/06/27 17:28:07.909473, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 190 >[2012/06/27 17:28:07.909536, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbe >[2012/06/27 17:28:07.909580, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 194 (0 toread) >[2012/06/27 17:28:07.909623, 5] lib/util.c:332(show_msg) >[2012/06/27 17:28:07.909649, 5] lib/util.c:342(show_msg) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6588 > smb_uid=0 > smb_mid=2 > smt_wct=0 > smb_bcc=155 >[2012/06/27 17:28:07.909887, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. 
>[2012/06/27 17:28:07.910307, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 6590) conn 0x0 >[2012/06/27 17:28:07.910365, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:28:07.910410, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:28:07.910454, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:28:07.910524, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:28:07.910632, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2012/06/27 17:28:07.910691, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2012/06/27 17:28:07.910737, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2012/06/27 17:28:07.910781, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2012/06/27 17:28:07.910825, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2012/06/27 17:28:07.910871, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2012/06/27 17:28:07.910915, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2012/06/27 17:28:07.910958, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Samba] >[2012/06/27 17:28:07.911001, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2012/06/27 17:28:07.911043, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2012/06/27 17:28:07.911094, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2012/06/27 17:28:07.911154, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 
17:28:07.911247, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key BE190000FFFFFFFF >[2012/06/27 17:28:07.911295, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb79372e0 >[2012/06/27 17:28:07.911342, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key BE190000FFFFFFFF >[2012/06/27 17:28:07.911407, 6] param/loadparm.c:7503(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 > >[2012/06/27 17:28:07.911611, 10] lib/util.c:2242(name_to_fqdn) > name_to_fqdn: lookup for UBS1204V3 -> ubs1204v3. >[2012/06/27 17:28:07.911694, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2012/06/27 17:28:07.911739, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LANMAN 1.0 >[2012/06/27 17:28:07.911781, 5] smbd/negprot.c:711(reply_negprot) > negprot index=8 >[2012/06/27 17:28:07.911823, 5] lib/util.c:332(show_msg) >[2012/06/27 17:28:07.911850, 5] lib/util.c:342(show_msg) > size=169 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6588 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=48640 (0xBE00) > smb_vwv[ 8]= 25 (0x19) > smb_vwv[ 9]=64512 (0xFC00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=13952 (0x3680) > smb_vwv[12]=32131 (0x7D83) > smb_vwv[13]=18217 (0x4729) > smb_vwv[14]=52564 (0xCD54) > smb_vwv[15]= 8193 (0x2001) > smb_vwv[16]= 254 (0xFE) > smb_bcc=100 >[2012/06/27 17:28:07.912310, 10] ../lib/util/util.c:415(dump_data) > [0000] 75 62 73 31 32 30 34 76 33 00 00 00 00 00 00 00 ubs1204v 3....... > [0010] 60 52 06 06 2B 06 01 05 05 02 A0 48 30 46 A0 24 `R..+... ...H0F.$ > [0020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* > [0030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... 
..+..... > [0040] 37 02 02 0A A3 1E 30 1C A0 1A 1B 18 63 69 66 73 7.....0. ....cifs > [0050] 2F 75 62 73 31 32 30 34 76 33 40 41 53 4D 42 2E /ubs1204 v3@ASMB. > [0060] 54 45 53 54 TEST >[2012/06/27 17:28:07.914705, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 16644 >[2012/06/27 17:28:07.914803, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4104 >[2012/06/27 17:28:07.914858, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 16648 (0 toread) >[2012/06/27 17:28:07.914901, 5] lib/util.c:332(show_msg) >[2012/06/27 17:28:07.914927, 5] lib/util.c:342(show_msg) > size=16644 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51205 > smb_tid=65535 > smb_pid=6588 > smb_uid=0 > smb_mid=3 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=16563 (0x40B3) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=53340 (0xD05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=16585 >[2012/06/27 17:28:07.915300, 10] ../lib/util/util.c:415(dump_data)
>[2012/06/27 17:28:07.916513, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 6590) conn 0x0 >[2012/06/27 17:28:07.916561, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:28:07.916604, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:28:07.916644, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:28:07.916707, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:28:07.916756, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc805 >[2012/06/27 17:28:07.916802, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2012/06/27 17:28:07.916875, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2012/06/27 17:28:07.916940, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2012/06/27 17:28:07.917009, 10] smbd/sesssetup.c:1003(check_spnego_blob_complete) > check_spnego_blob_complete: needed_len = 48996, pblob->length = 16563 >[2012/06/27 17:28:07.917067, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/sesssetup.c(1174) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED >[2012/06/27 17:28:07.917118, 5] lib/util.c:332(show_msg) >[2012/06/27 17:28:07.917146, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=6588 > smb_uid=0 > smb_mid=3 > smt_wct=0 > smb_bcc=0 >[2012/06/27 17:28:07.917339, 10] ../lib/util/util.c:415(dump_data) >[2012/06/27 17:28:07.918423, 5] lib/util_sock.c:319(read_fd_with_timeout) > read_fd_with_timeout: blocking read. EOF from client.
>[2012/06/27 17:28:07.918490, 5] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. >[2012/06/27 17:28:07.918541, 4] smbd/sec_ctx.c:318(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/06/27 17:28:07.918583, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/06/27 17:28:07.918624, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/06/27 17:28:07.918687, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/06/27 17:28:07.918787, 3] smbd/server_exit.c:180(exit_server_common) > Server exit (failed to receive smb request) >[2012/06/27 17:28:07.919708, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key BE190000FFFFFFFF >[2012/06/27 17:28:07.919783, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7921938 >[2012/06/27 17:28:07.919840, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key BE190000FFFFFFFF >[2012/06/27 17:28:52.671778, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0xb7929250 >[2012/06/27 17:28:52.671929, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/06/27 17:28:52.671980, 5] smbd/server.c:624(smbd_parent_housekeeping) > parent housekeeping >[2012/06/27 17:28:52.672022, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled