[2012/08/30 15:27:51.663228, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012
[2012/08/30 15:27:51.663529, 5] auth/auth_util.c:110(make_user_info_map) Mapping user [ACR]\[administrator] from workstation [PANAMA]
[2012/08/30 15:27:51.663696, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for administrator (administrator)
[2012/08/30 15:27:51.663820, 5] auth/user_info.c:70(make_user_info) making strings for administrator's user_info struct
[2012/08/30 15:27:51.663940, 5] auth/user_info.c:87(make_user_info) making blobs for administrator's user_info struct
[2012/08/30 15:27:51.664059, 10] auth/user_info.c:123(make_user_info) made a user_info for administrator (administrator)
[2012/08/30 15:27:51.664178, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [ACR]\[administrator]@[PANAMA] with the new password interface
[2012/08/30 15:27:51.664325, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [ACR]\[administrator]@[PANAMA]
[2012/08/30 15:27:51.664610, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random
[2012/08/30 15:27:51.664728, 10] auth/auth.c:233(check_ntlm_password) challenge is:
[2012/08/30 15:27:51.664845, 5] ../lib/util/util.c:415(dump_data) [0000] E1 F9 1B D6 03 B5 83 8C ........
[2012/08/30 15:27:51.664976, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [administrator]
[2012/08/30 15:27:51.665092, 10] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say
[2012/08/30 15:27:51.665212, 10] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [administrator]
[2012/08/30 15:27:51.665328, 8] lib/util.c:1521(is_myname) is_myname("ACR") returns 0
[2012/08/30 15:27:51.665477, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.665644, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.665763, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.665880, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.665996, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.666609, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=administrator)(objectclass=sambaSamAccount))], scope => [2]
[2012/08/30 15:27:51.666781, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed
[2012/08/30 15:27:51.666902, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://192.168.30.15:389
[2012/08/30 15:27:51.667399, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
[2012/08/30 15:27:51.667568, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://192.168.30.15:389 as "cn=djadmin,dc=acr,dc=lab"
[2012/08/30 15:27:51.671439, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results
[2012/08/30 15:27:51.671895, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected
[2012/08/30 15:27:51.674783, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: administrator
[2012/08/30 15:27:51.675074, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username administrator, was
[2012/08/30 15:27:51.675262, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain ACR, was
[2012/08/30 15:27:51.675380, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username administrator, was
[2012/08/30 15:27:51.675516, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001
[2012/08/30 15:27:51.675696, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001
[2012/08/30 15:27:51.675839, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist
[2012/08/30 15:27:51.675966, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist
[2012/08/30 15:27:51.676086, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist
[2012/08/30 15:27:51.676207, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist
[2012/08/30 15:27:51.676332, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist
[2012/08/30 15:27:51.676456, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name administrator, was
[2012/08/30 15:27:51.676580, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist
[2012/08/30 15:27:51.676860, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL
[2012/08/30 15:27:51.677005, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist
[2012/08/30 15:27:51.677149, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir , was
[2012/08/30 15:27:51.677272, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist
[2012/08/30 15:27:51.677393, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script allusers.bat, was
[2012/08/30 15:27:51.677515, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist
[2012/08/30 15:27:51.677632, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path , was
[2012/08/30 15:27:51.677756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist
[2012/08/30 15:27:51.677879, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist
[2012/08/30 15:27:51.678000, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist
[2012/08/30 15:27:51.678151, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.678292, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.678411, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.678529, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.678646, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.679272, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past)
[2012/08/30 15:27:51.680168, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap
[2012/08/30 15:27:51.680288, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0]
[2012/08/30 15:27:51.681814, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache
[2012/08/30 15:27:51.681981, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Thu Aug 30 15:28:51 2012 (60 seconds ahead)
[2012/08/30 15:27:51.682286, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.682460, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist
[2012/08/30 15:27:51.682583, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist
[2012/08/30 15:27:51.682708, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist
[2012/08/30 15:27:51.682922, 5] passdb/login_cache.c:47(login_cache_init) Opening cache file at /var/cache/samba/login_cache.tdb
[2012/08/30 15:27:51.683163, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user administrator
[2012/08/30 15:27:51.683288, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found
[2012/08/30 15:27:51.683406, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0
[2012/08/30 15:27:51.683604, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.683727, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.683845, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.683980, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.684098, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.684299, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past)
[2012/08/30 15:27:51.684497, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap
[2012/08/30 15:27:51.684633, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0]
[2012/08/30 15:27:51.685880, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache
[2012/08/30 15:27:51.686041, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Aug 30 15:28:51 2012 (60 seconds ahead)
[2012/08/30 15:27:51.686266, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.686462, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator
[2012/08/30 15:27:51.686619, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator
[2012/08/30 15:27:51.690763, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]!
[2012/08/30 15:27:51.691009, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.691132, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.691251, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.691371, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.691515, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.691763, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.691955, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username administrator, was
[2012/08/30 15:27:51.692075, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain ACR, was
[2012/08/30 15:27:51.692197, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username administrator, was
[2012/08/30 15:27:51.692356, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name administrator, was
[2012/08/30 15:27:51.692487, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir , was
[2012/08/30 15:27:51.692606, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL
[2012/08/30 15:27:51.692728, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script allusers.bat, was
[2012/08/30 15:27:51.692847, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path , was
[2012/08/30 15:27:51.692964, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was
[2012/08/30 15:27:51.693100, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.693219, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.693336, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.693453, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.693573, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.693765, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.693884, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001
[2012/08/30 15:27:51.694040, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001
[2012/08/30 15:27:51.694253, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513
[2012/08/30 15:27:51.694383, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.694555, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) ntlm_password_check: Checking NTLMv2 password with domain [ACR]
[2012/08/30 15:27:51.694805, 4] auth/check_samsec.c:183(sam_account_ok) sam_account_ok: Checking SMB password for user administrator
[2012/08/30 15:27:51.694947, 5] auth/check_samsec.c:165(logon_hours_ok) logon_hours_ok: user administrator allowed to logon at this time (Thu Aug 30 19:27:51 2012 )
[2012/08/30 15:27:51.695121, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.695240, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.696479, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.696621, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.696740, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.697243, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.697961, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.698091, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.698213, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.698338, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.698457, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.698650, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator
[2012/08/30 15:27:51.698799, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator
[2012/08/30 15:27:51.698923, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]!
[2012/08/30 15:27:51.699084, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.699227, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.699348, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.699468, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.699624, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.699833, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/minimum password age and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past)
[2012/08/30 15:27:51.700030, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap
[2012/08/30 15:27:51.700150, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0]
[2012/08/30 15:27:51.701944, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache
[2012/08/30 15:27:51.703011, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Aug 30 15:28:51 2012 (60 seconds ahead)
[2012/08/30 15:27:51.703220, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.703344, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.703462, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.703638, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.703759, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.703876, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.704067, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.704194, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator
[2012/08/30 15:27:51.704311, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator
[2012/08/30 15:27:51.704432, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]!
[2012/08/30 15:27:51.704602, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [administrator]
[2012/08/30 15:27:51.719284, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 512
[2012/08/30 15:27:51.719419, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.720406, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.720526, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.720662, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.720779, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.721026, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2]
[2012/08/30 15:27:51.722830, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 512
[2012/08/30 15:27:51.723023, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.723144, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 512 -> sid S-1-5-21-3266308635-3715972288-3547500332-512
[2012/08/30 15:27:51.723303, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 514
[2012/08/30 15:27:51.723422, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.723579, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.723710, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.723827, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.723944, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.724131, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=514))], scope => [2]
[2012/08/30 15:27:51.725807, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 514
[2012/08/30 15:27:51.725952, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.726086, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 514 -> sid S-1-5-21-3266308635-3715972288-3547500332-514
[2012/08/30 15:27:51.726232, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515
[2012/08/30 15:27:51.726351, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.726489, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.726608, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.726727, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.726844, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.727049, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2]
[2012/08/30 15:27:51.728534, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
[2012/08/30 15:27:51.728718, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.728867, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-3266308635-3715972288-3547500332-515
[2012/08/30 15:27:51.728998, 5] auth/server_info_sam.c:120(make_server_info_sam) make_server_info_sam: made server info for user administrator -> administrator
[2012/08/30 15:27:51.729122, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.729246, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: sam authentication for user [administrator] succeeded
[2012/08/30 15:27:51.729369, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.729487, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.729616, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.729736, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.729836, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.730047, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.730185, 5] auth/auth.c:296(check_ntlm_password) check_ntlm_password: PAM Account for user [administrator] succeeded
[2012/08/30 15:27:51.730302, 2] auth/auth.c:309(check_ntlm_password) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [administrator] succeeded
[2012/08/30 15:27:51.730475, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for administrator
[2012/08/30 15:27:51.730676, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544
[2012/08/30 15:27:51.730796, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.730915, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.731100, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.731219, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.731335, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.731772, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2012/08/30 15:27:51.733429, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))
[2012/08/30 15:27:51.733611, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.733738, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544
[2012/08/30 15:27:51.733860, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.733979, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.734101, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.734220, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.734337, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.734741, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544
[2012/08/30 15:27:51.734870, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.735001, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.735124, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.735242, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.735358, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.735603, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2012/08/30 15:27:51.737586, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))
[2012/08/30 15:27:51.737768, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.737892, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544
[2012/08/30 15:27:51.738020, 5] passdb/pdb_util.c:128(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators
[2012/08/30 15:27:51.738168, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.738336, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545
[2012/08/30 15:27:51.738456, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.738575, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.738717, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.738842, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.738959, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.739175, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2012/08/30 15:27:51.741062, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
[2012/08/30 15:27:51.741250, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.741375, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545
[2012/08/30 15:27:51.741498, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.741616, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.741749, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.741873, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.741990, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.742230, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545
[2012/08/30 15:27:51.742353, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.742472, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.742590, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.742725, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.742842, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.743033, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2012/08/30 15:27:51.745680, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
[2012/08/30 15:27:51.745856, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.745976, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545
[2012/08/30 15:27:51.746120, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users
[2012/08/30 15:27:51.746242, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.746361, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.746478, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.746613, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.746730, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.746846, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.747138, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-1001)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-513)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-512)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-514)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-32-544)))], scope => [2]
[2012/08/30 15:27:51.748732, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.748999, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-21-3266308635-3715972288-3547500332-1001 Privilege set: 0x10
[2012/08/30 15:27:51.749191, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-513]
[2012/08/30 15:27:51.749316, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-512]
[2012/08/30 15:27:51.749445, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-514]
[2012/08/30 15:27:51.749570, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-515]
[2012/08/30 15:27:51.749695, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0
[2012/08/30 15:27:51.749880, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2]
[2012/08/30 15:27:51.750005, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11]
[2012/08/30 15:27:51.750131, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: 0x1ffffff0
[2012/08/30 15:27:51.750413, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE
[2012/08/30 15:27:51.750536, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.750655, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.750784, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.750908, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.751025, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.751204, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 1001.
[2012/08/30 15:27:51.751295, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.751413, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.751552, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.751678, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.751795, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.751976, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.752094, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2012/08/30 15:27:51.752211, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.752357, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.752487, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.752678, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.752799, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.752943, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2012/08/30 15:27:51.753061, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.753178, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/08/30 15:27:51.753295, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.753490, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.753618, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username administrator, was
[2012/08/30 15:27:51.753738, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain ACR, was
[2012/08/30 15:27:51.753860, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username administrator, was
[2012/08/30 15:27:51.753978, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name administrator, was
[2012/08/30 15:27:51.754118, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir , was
[2012/08/30 15:27:51.754253, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL
[2012/08/30 15:27:51.754372, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script allusers.bat, was
[2012/08/30 15:27:51.754491, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path , was
[2012/08/30 15:27:51.754610, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was
[2012/08/30 15:27:51.754733, 4]
smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.754851, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.754968, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.755085, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.755205, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.755393, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.755567, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 [2012/08/30 15:27:51.755697, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 [2012/08/30 15:27:51.755879, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 [2012/08/30 15:27:51.756016, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.756144, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.756274, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.756394, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! 
[2012/08/30 15:27:51.756519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.756648, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 is a User, expected a group [2012/08/30 15:27:51.756776, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.756896, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.757013, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.757138, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.757254, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.757448, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 1001. [2012/08/30 15:27:51.757575, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.757693, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2012/08/30 15:27:51.757814, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.757932, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.758050, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.758252, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.758375, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.758491, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.758609, 5] ../libcli/security/security_token.c:53(security_token_debug) 
Security token: (NULL) [2012/08/30 15:27:51.758743, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.758937, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.759057, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.759177, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.759294, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.759428, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.759591, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.759782, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.759909, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username administrator, was [2012/08/30 15:27:51.760032, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain ACR, was [2012/08/30 15:27:51.760151, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username administrator, was [2012/08/30 15:27:51.760425, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name administrator, was [2012/08/30 15:27:51.760546, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir , was [2012/08/30 15:27:51.760686, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2012/08/30 15:27:51.760805, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script allusers.bat, was [2012/08/30 15:27:51.760923, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile 
path , was [2012/08/30 15:27:51.761041, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2012/08/30 15:27:51.761179, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.761316, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.761434, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.761569, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.761695, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.761891, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.762031, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 [2012/08/30 15:27:51.762153, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 [2012/08/30 15:27:51.762334, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 [2012/08/30 15:27:51.762475, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.762613, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.762732, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.762854, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! 
[2012/08/30 15:27:51.762976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.763094, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 -> uid 10000 [2012/08/30 15:27:51.763219, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.763356, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.763475, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.763649, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.763774, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.763968, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2012/08/30 15:27:51.766003, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2012/08/30 15:27:51.766187, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.766309, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2012/08/30 15:27:51.766450, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2012/08/30 15:27:51.766572, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.766692, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.766810, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.766948, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) 
[2012/08/30 15:27:51.767065, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.767256, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2012/08/30 15:27:51.769416, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2012/08/30 15:27:51.769593, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.769713, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2012/08/30 15:27:51.769867, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2012/08/30 15:27:51.769995, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.770112, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.770230, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.770365, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.770543, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.770735, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2012/08/30 15:27:51.772466, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) [2012/08/30 15:27:51.772635, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.772755, 10] 
passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-11 [2012/08/30 15:27:51.772876, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-11 [2012/08/30 15:27:51.773006, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.773130, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.773248, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.773365, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.773486, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.773676, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2012/08/30 15:27:51.775342, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2012/08/30 15:27:51.775535, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.775688, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2012/08/30 15:27:51.775812, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-544 [2012/08/30 15:27:51.775934, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2012/08/30 15:27:51.776056, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2012/08/30 15:27:51.776174, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2012/08/30 15:27:51.776322, 10] auth/auth_util.c:505(create_local_token) Could not convert SID 
S-1-5-32-544 to gid, ignoring it [2012/08/30 15:27:51.776454, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:51.779018, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:51.779537, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2012/08/30 
15:27:51.779697, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 8 [2012/08/30 15:27:51.779817, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2012/08/30 15:27:51.779941, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2012/08/30 15:27:51.780058, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2012/08/30 15:27:51.780794, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (10000,513) administrator administrator ACR guest=0 [2012/08/30 15:27:51.780913, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: administrator Real name: administrator [2012/08/30 15:27:51.781035, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 10000 is UNIX user administrator, and will be vuid 100 [2012/08/30 15:27:51.781740, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F333035342F3130 [2012/08/30 15:27:51.781988, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c008860 [2012/08/30 15:27:51.782209, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F333035342F3130 [2012/08/30 15:27:51.782372, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find administrator [2012/08/30 15:27:51.782581, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.782740, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.782864, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user 
[administrator]! [2012/08/30 15:27:51.782983, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'administrator' using home directory: '/home/administrator' [2012/08/30 15:27:51.783343, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 6 for administrator [2012/08/30 15:27:51.783467, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 6 for service name administrator [2012/08/30 15:27:51.783700, 3] param/loadparm.c:6582(lp_add_home) adding home's share [administrator] for user 'administrator' at '/home/%u' [2012/08/30 15:27:51.783852, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012 [2012/08/30 15:27:51.784290, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.784353, 5] lib/util.c:342(show_msg) size=94 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=5184 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=51 [2012/08/30 15:27:51.785361, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 37 00 00 00 41 00 43 00 52 ...6...7 ...A.C.R [0030] 00 00 00 ... 
[2012/08/30 15:27:51.787401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 78 [2012/08/30 15:27:51.787803, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4e [2012/08/30 15:27:51.787923, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 82 (0 toread) [2012/08/30 15:27:51.788040, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.788313, 5] lib/util.c:342(show_msg) size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=5248 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35 [2012/08/30 15:27:51.789327, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 4F 00 52 00 41 00 4E 00 47 00 45 .\.\.O.R .A.N.G.E [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? [0020] 3F 3F 00 ??. [2012/08/30 15:27:51.789599, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 3054) conn 0x0 [2012/08/30 15:27:51.789719, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.789837, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.789978, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.790167, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:51.790342, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] 
for share [IPC$] [2012/08/30 15:27:51.791125, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2012/08/30 15:27:51.791319, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:51.791444, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:51.792428, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:51.792564, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.792707, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.792848, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.792969, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.793086, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.794009, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.794212, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:51.795567, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:51.795800, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.795921, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.796039, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.796161, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.796360, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.796537, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.796914, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:51.798557, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:51.798985, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.799123, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:51.799241, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.799396, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:51.799565, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:51.799700, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/08/30 15:27:51.799825, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user administrator [2012/08/30 15:27:51.799984, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.800102, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.800225, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! 
[2012/08/30 15:27:51.800348, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/08/30 15:27:51.800469, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2012/08/30 15:27:51.800701, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:51.800893, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2012/08/30 15:27:51.801064, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/08/30 15:27:51.801318, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2012/08/30 15:27:51.801446, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2012/08/30 15:27:51.801589, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2012/08/30 15:27:51.801709, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2012/08/30 15:27:51.801827, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2012/08/30 15:27:51.801948, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/08/30 15:27:51.802158, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2012/08/30 15:27:51.802324, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:27:51.802482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00dcd0 [2012/08/30 15:27:51.802708, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:27:51.802979, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/08/30 
15:27:51.803106, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:51.803229, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:51.803346, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.803575, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.803724, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.803865, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.803982, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.804099, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.804302, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:51.805583, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:51.805741, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.805864, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.805984, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.806123, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.806243, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.806361, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.806557, 5] 
lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:51.808073, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:51.808234, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.808530, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:51.808784, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.808927, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:51.809065, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:51.809187, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:51.809308, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user administrator [2012/08/30 15:27:51.809460, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user administrator [2012/08/30 15:27:51.809597, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:51.809756, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.809881, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege 
Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:51.812574, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:51.812996, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:51.813126, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.813246, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.813364, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.813549, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:51.813676, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/08/30 15:27:51.813831, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp [2012/08/30 15:27:51.814004, 3] smbd/service.c:1114(make_connection_snum) panama (192.168.30.50) connect to service IPC$ initially as user administrator (uid=10000, gid=513) (pid 3054) [2012/08/30 15:27:51.814135, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2012/08/30 15:27:51.817377, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:51.817585, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:51.817705, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 106 (0 toread) [2012/08/30 15:27:51.817823, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.817884, 5] 
lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5312 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:51.820572, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:51.820901, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.821026, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.821146, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: 
SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:51.824355, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:51.824811, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:51.824960, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/08/30 15:27:51.825193, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:51.825363, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. 
[2012/08/30 15:27:51.825513, 5] smbd/files.c:140(file_new) allocated file structure 13657, fnum = 17753 (1 used) [2012/08/30 15:27:51.825702, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:51.825956, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:51.826240, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/30 15:27:51.826464, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/30 15:27:51.826610, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:51.826741, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:51.828529, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:51.828860, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:51.829001, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2012/08/30 15:27:51.829120, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.829182, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5376 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:51.830895, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 59 45 ED 03 ...YE.. 
[2012/08/30 15:27:51.831038, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.831247, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.831468, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:51.831696, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:51.831819, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.831881, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5376 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:51.833525, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/08/30 15:27:51.835388, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:51.835584, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:51.835733, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2012/08/30 15:27:51.835852, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.835914, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5440 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17753 (0x4559) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:51.837649, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:51.839316, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.839453, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.839686, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 4559 name: spoolss len: 160 [2012/08/30 15:27:51.839808, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:51.839928, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:51.840675, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:51.840856, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.841006, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.841129, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:51.841246, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:51.841389, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.841544, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:51.841662, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:51.841806, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:51.842380, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.845946, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:51.846158, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.846301, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:51.846420, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:51.846546, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.846678, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.848774, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:51.848962, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:51.851580, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:51.851759, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:51.851881, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2012/08/30 15:27:51.852009, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.852072, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5504 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17753 (0x4559) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:51.853578, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:51.853644, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.853783, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.853936, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.854060, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:51.854199, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:51.854335, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:51.854455, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:51.857785, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:51.857947, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:51.858083, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 296 (0 toread) [2012/08/30 15:27:51.858207, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.858269, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5568 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17753 (0x4559) smb_bcc=225 [2012/08/30 15:27:51.860390, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:51.861682, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.861857, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.862040, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:51.862299, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.862418, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.862580, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.863446, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4559) [2012/08/30 15:27:51.863631, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:51.863755, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:51.863875, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:51.863993, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:51.864113, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.864232, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.864349, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:51.864470, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:51.864590, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.864738, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:51.864870, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:51.864997, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.865122, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:51.867443, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:51.867624, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:51.867771, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:51.867905, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:51.868065, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:51.868316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:51.871428, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:51.871620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.871903, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:51.872132, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:51.872379, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past) [2012/08/30 15:27:51.872616, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:51 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:51.872859, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:51.873003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.873198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.873428, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:51.873584, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:51.877534, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:51.877717, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:51.878243, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.878368, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.878493, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.878616, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.878739, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.878857, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.879070, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:51.880348, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:51.880537, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.880660, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.880801, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.880920, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.881038, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.881158, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.881348, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:51.883872, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:51.884069, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.884196, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:51.884316, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.884465, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:51.884584, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:51.884705, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:51.884870, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:51.885024, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:51.885234, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:51.885387, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:51.885507, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:51.885647, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:51.886113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:51.887050, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:51.887239, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:51.887428, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:51.887620, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:51.887749, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.887866, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:51.888172, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:51.888370, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:51.888547, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.888746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.889455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-3f50-b7beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:51.891313, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.891569, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:51.891699, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:51.891820, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:51.891940, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:51.892058, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.892338, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:51.892565, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:51.892737, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:51.892856, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:51.892976, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.893095, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.894129, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.894253, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.894420, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.894559, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:51.894681, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:51.894802, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.894919, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.895054, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.895171, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.895304, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.895436, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:51.895919, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:51.896066, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:51.896226, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:51.896352, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.896471, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:51.896668, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:51.896788, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:51.896929, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:51.897083, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:51.897203, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.897319, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:51.897459, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:51.897578, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:51.897699, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.897816, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.897950, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.898068, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.898204, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.898338, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:51.898460, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:51.898581, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.898699, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.898818, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.898946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.899090, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.899254, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:51.899378, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:51.899540, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:51.899669, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:51.899787, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:51.899908, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:51.900032, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:51.900161, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.900360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.900934, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:51.901131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:51.901614, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.901813, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.902026, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:51.902148, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:51.902268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:51.902772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:51.903222, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.903422, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.903618, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:51.903741, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:51.903859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:51.904504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.904989, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:51.905114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:51.905270, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.905407, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:51.905555, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:51.907105, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:51.907226, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:51.907355, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:51.907482, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:51.908427, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.908489, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5568 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:51.910034, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 11 00 00 ........ ........ [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:51.912698, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:51.913134, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:51.913275, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 106 (0 toread) [2012/08/30 15:27:51.913401, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.913464, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5632 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:51.915684, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:51.915896, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.916017, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.916140, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:51.916265, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. 
[2012/08/30 15:27:51.916407, 5] smbd/files.c:140(file_new) allocated file structure 13658, fnum = 17754 (2 used) [2012/08/30 15:27:51.916532, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:51.916803, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:51.916949, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:51.917103, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:51.917225, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:51.918521, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:51.918692, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:51.918844, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 228 (0 toread) [2012/08/30 15:27:51.918966, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.919028, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5696 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17754 (0x455A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:51.920826, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. 
........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2012/08/30 15:27:51.922070, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.922195, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.922329, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455a name: spoolss len: 160 [2012/08/30 15:27:51.922449, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:51.922568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:51.922685, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:51.922805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.922947, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.923071, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:51.923188, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:51.923310, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.923427, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left 
= 144 [2012/08/30 15:27:51.923691, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:51.923816, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.923978, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.928520, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 
[2012/08/30 15:27:51.928650, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.928926, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/08/30 15:27:51.929061, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:51.929182, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.929313, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.931221, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:51.931360, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:51.932213, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:51.932361, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:51.932500, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 63 (0 toread) [2012/08/30 15:27:51.932619, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.932681, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 
smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5760 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17754 (0x455A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:51.935329, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:51.935413, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.935601, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.935726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.935865, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:51.935985, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:51.936112, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. 
There is no more data outstanding [2012/08/30 15:27:51.936231, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:51.937054, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 276 [2012/08/30 15:27:51.937198, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x114 [2012/08/30 15:27:51.937335, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 280 (0 toread) [2012/08/30 15:27:51.937452, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.937549, 5] lib/util.c:342(show_msg) size=276 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5824 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 192 (0xC0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17754 (0x455A) smb_bcc=209 [2012/08/30 15:27:51.939290, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........ [0020] 00 A8 00 00 00 00 00 45 00 00 00 02 00 09 00 00 .......E ........ [0030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 00 00 00 00 00 00 00 .a.n.g.e ........ [0050] 00 00 00 00 00 00 00 00 00 02 00 02 00 01 00 00 ........ ........ [0060] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0070] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0080] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0090] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00A0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ 
.....A.C [00B0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00C0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00D0] 00 . [2012/08/30 15:27:51.940365, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.940516, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.940818, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=192 params=0 setup=2 [2012/08/30 15:27:51.940939, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.941110, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.941228, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.941348, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455a) [2012/08/30 15:27:51.941467, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 [2012/08/30 15:27:51.941585, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2012/08/30 15:27:51.941703, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:51.943273, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:51.943400, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.943562, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.943704, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 176 [2012/08/30 15:27:51.943828, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2012/08/30 15:27:51.943948, 10] 
rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.944066, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 176 [2012/08/30 15:27:51.944196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2012/08/30 15:27:51.944320, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.944445, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 02 00 02 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0040] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0050] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0060] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0070] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0080] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [0090] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00A0] 74 00 6F 00 72 00 00 00 t.o.r... 
[2012/08/30 15:27:51.946781, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:51.946908, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:51.947030, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:51.947173, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:51.947295, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:51.947422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00020002 (131074) 0: SERVER_ACCESS_ADMINISTER 1: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange [2012/08/30 15:27:51.949314, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange] [2012/08/30 15:27:51.949442, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.949680, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange Printer is a print server [2012/08/30 15:27:51.949856, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange (len=8) [2012/08/30 15:27:51.949979, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/08/30 15:27:51.950139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.950337, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) Setting print server access = SERVER_ACCESS_ENUMERATE [2012/08/30 15:27:51.950455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.950972, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:51.951114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 176 [2012/08/30 15:27:51.951247, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.951365, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
[2012/08/30 15:27:51.951493, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ [2012/08/30 15:27:51.953569, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:51.953700, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:51.953820, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:51.953939, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.954004, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5824 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:51.955346, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 14 00 00 ........ ........ [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:51.956414, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 164 [2012/08/30 15:27:51.956560, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/08/30 15:27:51.956702, 3] smbd/process.c:1662(process_smb) Transaction 13 of length 168 (0 toread) [2012/08/30 15:27:51.956820, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.956885, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5888 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17754 (0x455A) smb_bcc=97 [2012/08/30 15:27:51.958728, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 03 00 00 ........ .P...... [0020] 00 38 00 00 00 00 00 1A 00 00 00 00 00 14 00 00 .8...... ........ [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 0A 00 00 .....?P. ........ [0040] 00 00 00 00 00 0A 00 00 00 4F 00 53 00 56 00 65 ........ .O.S.V.e [0050] 00 72 00 73 00 69 00 6F 00 6E 00 00 00 1C 01 00 .r.s.i.o .n...... [0060] 00 . 
[2012/08/30 15:27:51.959296, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.959435, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.959629, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/08/30 15:27:51.959752, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.959871, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.959988, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.960106, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455a) [2012/08/30 15:27:51.960224, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 [2012/08/30 15:27:51.960357, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/08/30 15:27:51.960496, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 80 [2012/08/30 15:27:51.960635, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 80 [2012/08/30 15:27:51.960755, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.960876, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.961102, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 64 [2012/08/30 15:27:51.961221, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 64 [2012/08/30 15:27:51.961358, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.961475, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 64 [2012/08/30 
15:27:51.961597, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 64, incoming data = 64 [2012/08/30 15:27:51.961717, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.961845, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0050 (80) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000038 (56) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=56 [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ [0020] 4F 00 53 00 56 00 65 00 72 00 73 00 69 00 6F 00 O.S.V.e. r.s.i.o. [0030] 6E 00 00 00 1C 01 00 00 n....... [2012/08/30 15:27:51.963566, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:51.963765, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:51.963887, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:51.964011, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2012/08/30 15:27:51.964141, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7fd50aed07e0 [2012/08/30 15:27:51.964502, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterData: struct spoolss_GetPrinterData in: struct spoolss_GetPrinterData handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-3f50-b7beee0b0000 value_name : 'OSVersion' offered : 0x0000011c (284) [2012/08/30 15:27:51.965139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.965361, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx [2012/08/30 15:27:51.965507, 10] rpc_server/spoolss/srv_spoolss_nt.c:9194(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx: key => [PrinterDriverData], value => [OSVersion] [2012/08/30 15:27:51.965626, 8] rpc_server/spoolss/srv_spoolss_nt.c:2305(getprinterdata_printer_server) getprinterdata_printer_server:OSVersion [2012/08/30 15:27:51.965836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterData: struct spoolss_GetPrinterData out: struct spoolss_GetPrinterData type : * type : REG_BINARY (3) data : * data: ARRAY(284)
needed : * needed : 0x00000114 (276) result : WERR_OK [2012/08/30 15:27:51.985136, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:51.985270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 64 [2012/08/30 15:27:51.985404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.985525, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 300. [2012/08/30 15:27:51.985650, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0144 (324) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000012c (300) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=300 [0000] 03 00 00 00 1C 01 00 00 14 01 00 00 05 00 00 00 ........ ........ [0010] 00 00 00 00 93 08 00 00 02 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 14 01 00 00 00 00 00 00 ........ .... [2012/08/30 15:27:51.988364, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2077 [2012/08/30 15:27:51.988668, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 324 bytes. There is no more data outstanding [2012/08/30 15:27:51.988788, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..324] (align 0) [2012/08/30 15:27:51.988908, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.988994, 5] lib/util.c:342(show_msg) size=380 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5888 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 324 (0x144) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 324 (0x144) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=325 [2012/08/30 15:27:51.990373, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 44 01 00 00 03 00 00 ........ .D...... [0010] 00 2C 01 00 00 00 00 00 00 03 00 00 00 1C 01 00 .,...... ........ 
[0020] 00 14 01 00 00 05 00 00 00 00 00 00 00 93 08 00 ........ ........ [0030] 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 14 01 00 ........ ........ [0140] 00 00 00 00 00 ..... 
[2012/08/30 15:27:51.992594, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:51.992739, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:51.992861, 3] smbd/process.c:1662(process_smb) Transaction 14 of length 132 (0 toread) [2012/08/30 15:27:51.992979, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.993045, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5952 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17754 (0x455A) smb_bcc=61 [2012/08/30 15:27:51.995912, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 14 00 00 ........ ........ [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:51.996255, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.996394, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.996530, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:51.996651, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.996788, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.996907, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.997025, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455a) [2012/08/30 15:27:51.997144, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 [2012/08/30 15:27:51.997265, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:51.997385, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:51.997502, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:51.997631, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.997757, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.997874, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:51.997991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:51.998109, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.998245, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:51.998368, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:51.998486, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.998608, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.000161, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.000296, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.000576, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.000697, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:52.000821, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:52.000966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:52.001453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.001649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.001860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.002054, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.002173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.002661, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.002783, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:52.002911, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.003030, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.003154, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:52.004601, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.004730, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.004881, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.005000, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.005061, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5952 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.006411, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:52.007396, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:52.007555, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:52.007687, 3] smbd/process.c:1662(process_smb) Transaction 15 of length 45 (0 toread) [2012/08/30 15:27:52.007804, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.007866, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6016 smt_wct=3 smb_vwv[ 0]=17754 (0x455A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:52.008835, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.008899, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.009018, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.009155, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17754 (numopen=2) 
[2012/08/30 15:27:52.009324, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:52.009649, 5] smbd/files.c:482(file_free) freed files structure 17754 (1 used) [2012/08/30 15:27:52.009793, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.009855, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6016 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:52.010657, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.011282, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:52.011418, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:52.011555, 3] smbd/process.c:1662(process_smb) Transaction 16 of length 132 (0 toread) [2012/08/30 15:27:52.011685, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.011747, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6080 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17753 (0x4559) smb_bcc=61 [2012/08/30 15:27:52.013784, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 11 00 00 ........ ........ [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:52.014175, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.014295, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.014420, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:52.014558, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.014676, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.014794, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.014912, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4559) [2012/08/30 15:27:52.015048, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.015166, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:52.015285, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:52.015402, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:52.015590, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.015708, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.015825, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:52.015942, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:52.016078, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.016195, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:52.016350, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:52.016473, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.016596, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.018099, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.018216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.018351, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.018488, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:52.018608, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:52.018727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:52.019155, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.019350, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.019608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.019819, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.019953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.020471, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.020598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:52.020726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.020856, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.020986, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:52.022370, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.022511, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.022630, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.022749, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.022812, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6080 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.024351, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:52.025343, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:52.025481, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:52.025600, 3] smbd/process.c:1662(process_smb) Transaction 17 of length 45 (0 toread) [2012/08/30 15:27:52.025718, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.025780, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6144 smt_wct=3 smb_vwv[ 0]=17753 (0x4559) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:52.026742, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.026806, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.026928, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.027047, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17753 (numopen=1) 
[2012/08/30 15:27:52.027166, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:52.027300, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \spoolss [2012/08/30 15:27:52.027443, 5] smbd/files.c:482(file_free) freed files structure 17753 (0 used) [2012/08/30 15:27:52.027615, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.027678, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6144 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:52.028841, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.030334, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:52.030490, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:52.030610, 3] smbd/process.c:1662(process_smb) Transaction 18 of length 106 (0 toread) [2012/08/30 15:27:52.030728, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.030802, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6208 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:52.033005, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:52.033202, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.033445, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.033612, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:52.033739, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:52.033861, 5] smbd/files.c:140(file_new) allocated file structure 13659, fnum = 17755 (1 used) [2012/08/30 15:27:52.033984, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:52.034107, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:52.034248, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/30 15:27:52.034367, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/30 15:27:52.034493, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:52.034616, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:52.035366, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:52.035554, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:52.035701, 3] smbd/process.c:1662(process_smb) Transaction 19 of length 76 (0 toread) [2012/08/30 15:27:52.035819, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.035880, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 
smb_pid=1080 smb_uid=100 smb_mid=6272 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:52.037804, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 5B 45 ED 03 ...[E.. [2012/08/30 15:27:52.037935, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.038055, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.038197, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:52.038317, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:52.038436, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.038507, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6272 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:52.040716, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/08/30 15:27:52.041664, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:52.041801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:52.041941, 3] smbd/process.c:1662(process_smb) Transaction 20 of length 228 (0 toread) [2012/08/30 15:27:52.042059, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.042121, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6336 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17755 (0x455B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:52.044326, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:52.045180, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.045302, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.045422, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455b name: spoolss len: 160 [2012/08/30 15:27:52.045542, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:52.045662, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:52.045783, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:52.045902, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.046021, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.046138, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.046258, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:52.046376, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.046505, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.046621, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:52.046757, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:52.046882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.050193, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:52.050317, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.050436, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:52.050553, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:52.050673, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.050809, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.052751, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:52.052880, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:52.053656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.053812, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.053931, 3] smbd/process.c:1662(process_smb) Transaction 21 of length 63 (0 toread) [2012/08/30 15:27:52.054048, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.054110, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6400 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17755 (0x455B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.055725, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.055800, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.055926, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.056048, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.056185, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:52.056305, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.056430, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:52.056574, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:52.057122, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:52.057254, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:52.057373, 3] smbd/process.c:1662(process_smb) Transaction 22 of length 296 (0 toread) [2012/08/30 15:27:52.057499, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.057564, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6464 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=225 [2012/08/30 15:27:52.059289, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:52.060395, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.060666, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.060791, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:52.060934, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.061052, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.061188, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.061306, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.061425, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.061544, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:52.061681, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:52.061798, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:52.061916, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.062035, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.062169, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:52.062286, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:52.062405, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.062522, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:52.062642, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:52.062768, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.062890, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:52.065183, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.065301, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.065422, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.065545, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:52.065665, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:52.065787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:52.067612, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:52.067736, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.067949, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:52.068122, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:52.068320, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:52.068598, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:52.068752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.068964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.069158, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.069282, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:52.072869, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:52.073040, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:52.073160, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.073297, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.073420, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.073538, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.073658, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.073778, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.073979, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:52.075196, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:52.075379, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.075567, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.075703, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.075821, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.075954, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.076073, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.076266, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:52.077978, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:52.078139, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.078265, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:52.078383, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.078510, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:52.078650, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:52.078770, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:52.078891, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:52.079012, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:52.079150, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.079274, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.079392, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.079574, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.079715, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.080503, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.080649, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.080770, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.080887, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.081024, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.081144, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.081303, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:52.081436, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.081570, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.081781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.082289, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.083926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.084144, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.084265, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.084387, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.084684, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.084811, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.084929, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.085113, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.085247, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.085367, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.085487, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.085621, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.085739, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.085856, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.085991, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.086142, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.086273, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.086395, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.086514, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.086638, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.086756, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.086897, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.087032, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.087175, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.087297, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.087416, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.087570, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.087702, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.087856, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.087981, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.088103, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.088221, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.088342, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.088464, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.088651, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.088772, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.088893, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089015, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089134, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.089251, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089388, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089526, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.089645, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.089765, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.089892, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.090014, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.090130, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.090268, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.090404, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.090528, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.090647, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.090767, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.090886, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.091046, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.091165, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.091287, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.091561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.092075, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:52.092205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.092657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.092890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.093089, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.093207, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.093325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.094903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.095336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.095710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.095918, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.096036, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.096153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.096783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.097259, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.097386, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:52.097515, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.097634, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.097759, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:52.099160, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:52.099281, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.099411, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:52.099557, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.099686, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.099748, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6464 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.101157, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 15 00 00 ........ ........ [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:52.103317, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 140 [2012/08/30 15:27:52.103578, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c [2012/08/30 15:27:52.103711, 3] smbd/process.c:1662(process_smb) Transaction 23 of length 144 (0 toread) [2012/08/30 15:27:52.103830, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.103891, 5] lib/util.c:342(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6528 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=73 [2012/08/30 15:27:52.105613, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 15 00 00 . ...... ........ [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ [0040] 00 00 00 00 00 00 00 00 00 ........ . 
[2012/08/30 15:27:52.106019, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.106149, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.106280, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2012/08/30 15:27:52.106400, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.106516, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.106636, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.106756, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.106876, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.106995, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 56 [2012/08/30 15:27:52.107114, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2012/08/30 15:27:52.107249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 [2012/08/30 15:27:52.107367, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.107485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.107615, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 15:27:52.107732, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 [2012/08/30 15:27:52.107850, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.107967, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 
15:27:52.108101, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 [2012/08/30 15:27:52.108366, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.108489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:52.110088, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.110216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.110335, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.110456, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.110576, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.110757, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2012/08/30 15:27:52.111542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.111774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.111968, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.112112, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.112247, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.112405, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.112531, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.112709, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.113490, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.113633, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.113756, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.113873, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.113992, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.114127, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.114273, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.114842, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.114969, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.115187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.115753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.117425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.117639, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.117760, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.117883, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.118004, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.118123, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.118239, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.118386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.118523, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.118641, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.118761, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.118877, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.118998, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.119114, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.119247, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.119378, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.119562, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.119692, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.119808, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.119929, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.120045, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.120325, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.120458, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.120595, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.120716, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.120833, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.120951, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.121086, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.121228, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.121356, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.121494, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.121614, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.121734, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.121855, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.122014, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.122134, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.122255, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122372, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122507, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.122624, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122759, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122893, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.123015, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.123135, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123253, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123371, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.123489, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123768, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123924, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.124046, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.124198, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.124319, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.124488, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.124613, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.124731, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.124851, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.125057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.125621, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.126357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.126579, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.126722, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.126867, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.126989, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.127109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.127229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.127479, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.127743, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.127888, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.128022, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.128143, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.128265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.128384, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.128504, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.128624, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.128761, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.128881, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.129003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.129134, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.129259, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.129383, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.129532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.131228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.132801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.133001, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.133160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.135563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.136914, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.137111, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.137233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.138766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.140095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.140290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.140410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.141822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.143114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.143312, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.143456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.147102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.148486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.148743, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.148908, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.151063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.152397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.152597, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.152730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.154861, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.156812, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.157016, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.157139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.158519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.159910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.160109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.160234, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.177586, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.178905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.179109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.179238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.181637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.183001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.183205, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.183334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.186011, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.187311, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.187561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.187696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.189063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.190361, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.190566, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.190689, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.193528, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.195455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.195781, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.195989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.198135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.199452, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.199708, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.199834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.201038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.202375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.202574, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.202698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.203944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.205396, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.205623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.205747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.206949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.208253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.208485, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.208610, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.209950, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.211397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.211619, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.211744, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.213312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.216732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.216942, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.217088, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.217212, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.217366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.218059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.218812, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.218932, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.219052, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.219185, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.219303, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.219418, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.219556, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.219699, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.219822, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.220017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.221178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.227264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.227471, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.227613, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.227857, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.227983, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.228104, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.228222, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.228373, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.228679, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.228801, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.228925, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229064, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229183, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.229300, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229436, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229571, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.229694, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.230746, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.230872, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.230994, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.231112, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.231260, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.231440, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.231622, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.231747, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.231865, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.232005, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.232123, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.232274, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.232395, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.232517, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.232676, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.232799, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.232916, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.233057, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.233177, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.233298, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233416, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233552, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.233669, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233807, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233943, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.234062, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.234183, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234304, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234422, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.234539, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234677, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234842, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.234973, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.235108, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.235227, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.235345, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.235556, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.235685, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.235824, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.236136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.236737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.237992, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.238194, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.238315, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.238434, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.238555, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.238699, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.238823, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.238947, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.239078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.239198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.239319, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.239438, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.239625, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.239746, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.239865, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.239984, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.240105, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.240224, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.240344, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.240645, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.240765, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.240885, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.241004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.241124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.241802, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.243064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.243271, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.243392, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.243560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.259952, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.260388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.260611, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.260805, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.260936, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.261055, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.265435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.265858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.266055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.266250, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.266370, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.266490, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.267003, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.267425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.267625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.267822, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.267947, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.268067, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.268614, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.269085, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.269283, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.269478, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.269597, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.269760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.270365, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.270523, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.270642, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.270760, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.270913, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.271174, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.271447, 4] printing/printing.c:1316(print_cache_expired) print_cache_expired: cache expired for queue HP_4515 (last_qscan_time = 1346354404, time now = 1346354872, qcachetime = 30) [2012/08/30 15:27:52.271712, 10] printing/printing.c:1844(print_queue_update) print_queue_update: Sending message -> printer = HP_4515, type = 8, lpq command = [HP_4515] lprm command = [] [2012/08/30 15:27:52.271956, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/30 15:27:52.272084, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_UPDATE (517) dest: struct server_id pid : 0x00000ba3 (2979) vnn : 
0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) src: struct server_id pid : 0x00000bee (3054) vnn : 0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) buf : DATA_BLOB length=21 [0000] 48 50 5F 34 35 31 35 00 08 00 00 00 48 50 5F 34 HP_4515. ....HP_4 [0010] 35 31 35 00 00 515.. [2012/08/30 15:27:52.278031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : NULL needed : * needed : 0x00000308 (776) result : WERR_INSUFFICIENT_BUFFER [2012/08/30 15:27:52.278535, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.278672, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 40 [2012/08/30 15:27:52.278833, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.278957, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2012/08/30 15:27:52.279081, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... 
[2012/08/30 15:27:52.280446, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.280580, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.280714, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2012/08/30 15:27:52.280837, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/08/30 15:27:52.280957, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.281019, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6528 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/08/30 15:27:52.282396, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ [0020] 00 7A 00 00 00 .z... 
[2012/08/30 15:27:52.302997, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1392 [2012/08/30 15:27:52.303202, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x570 [2012/08/30 15:27:52.303322, 3] smbd/process.c:1662(process_smb) Transaction 24 of length 1396 (0 toread) [2012/08/30 15:27:52.303455, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.303560, 5] lib/util.c:342(show_msg) size=1392 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6592 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1308 (0x51C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1308 (0x51C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=1325 [2012/08/30 15:27:52.305303, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:52.307626, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.307752, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.307880, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1308 params=0 setup=2 [2012/08/30 15:27:52.308002, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.308138, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.308256, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.308373, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.308516, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.308636, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1308 [2012/08/30 15:27:52.308755, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1308 [2012/08/30 15:27:52.309044, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 [2012/08/30 15:27:52.309171, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.309290, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.309417, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 [2012/08/30 15:27:52.309584, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 [2012/08/30 15:27:52.309741, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.309929, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 
[2012/08/30 15:27:52.310055, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 [2012/08/30 15:27:52.310193, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.310320, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x051c (1308) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000504 (1284) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1284
[2012/08/30 15:27:52.319201, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.319350, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:52.319472, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.319617, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.319754, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.319876, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=1248
offered : 0x000004e0 (1248) [2012/08/30 15:27:52.328678, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.328906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.329101, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.329275, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.329402, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.329646, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.329802, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.329944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.330757, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.330881, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.331001, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.331122, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.331241, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.331358, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.331510, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.331656, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.331778, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.331994, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.332538, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.334114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.334336, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.334457, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.334578, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.334695, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.334814, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.334933, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.335079, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.335212, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.335330, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.335452, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.335618, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.335736, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.335863, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.336148, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.336280, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.336397, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.336519, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.336635, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.336753, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.336868, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.337003, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.337134, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.337252, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.337364, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.337565, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.337682, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.337797, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.337965, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.338085, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.338205, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.338322, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.338443, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.338559, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.338694, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.338812, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.338936, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.339053, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.339170, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.339286, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.339423, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.340776, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.340913, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.341060, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341177, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341296, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.341413, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341741, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.341865, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.342005, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.342125, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.342244, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.342390, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.342534, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.342654, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.342862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.343363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.344158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.344359, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.344615, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.344760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.344883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.345002, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.345121, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.345240, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.345361, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.345480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.345599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.345719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.345855, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.345974, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.346093, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.346212, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.346335, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.346454, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.346581, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.346701, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.346824, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.346948, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.347088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.348783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.350570, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.350818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.350982, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.352382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.353776, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.353974, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.354114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.355705, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.357063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.357258, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.357382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.358772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.360090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.360450, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.360583, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.363974, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.365353, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.365613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.365737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.367822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.369158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.369387, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.369518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.371927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.373502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.373709, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.373837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.375162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.376517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.376714, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.376837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.394201, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.395629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.396017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.396145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.398261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.400387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.400615, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.400746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.402051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.403312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.403553, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.403683, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.405052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.406351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.406544, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.406667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.409606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.410913, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.411216, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.411348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.413458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.414748, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.414958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.415080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.416360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.417650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.417848, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.417970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.419173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.420669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.420873, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.420995, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.422186, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.423476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.423683, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.423805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.425132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.426435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.426629, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.426750, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.428114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.429546, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.429760, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.429879, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.429999, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.430117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.430819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.431672, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.431792, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.431913, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.432029, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.432298, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.432413, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.432555, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.432687, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.432826, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.433020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.433517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.435049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.435262, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.435380, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.435559, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.435697, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.435814, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.435930, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.436084, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.436252, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.436370, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.436508, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.436628, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.436746, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.436862, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.436996, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.437145, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.437263, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.437383, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.437502, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.437620, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.437800, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.437962, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.438094, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.438214, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.438334, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.438454, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.438572, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.438688, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.438830, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.438967, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.439088, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.439205, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.439324, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.439444, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.439632, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.439752, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.439876, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.439994, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.440139, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.440255, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.440395, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.440531, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.440650, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.440771, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.440891, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.441010, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.441126, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.441265, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.441410, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.441531, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.441650, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.441771, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.441889, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.442007, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.442125, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.442246, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.442441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.442933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.444327, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.444555, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.444674, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.444809, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.444929, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.445067, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.445189, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.445329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.445458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.445579, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.445719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.445842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.445964, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.446085, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.446209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.446330, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.446452, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.446573, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.446697, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.446817, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.446939, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.447060, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.447184, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.447309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.448056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.449579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.449790, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.449911, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.450052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
(5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] 
: 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.466917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.467347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.467581, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.467809, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.467932, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.468053, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.468721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.469169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.469364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.469575, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.469699, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.469937, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.470521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.470999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.471201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.471395, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.471635, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.471756, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.472251, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.472710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.472942, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.473137, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.473256, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.473377, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.473921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:52.491717, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.491855, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 1292 [2012/08/30 15:27:52.492174, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.492298, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. [2012/08/30 15:27:52.492423, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0508 (1288) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000004f0 (1264) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1264 [2012/08/30 15:27:52.499785, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. 
There is more data outstanding [2012/08/30 15:27:52.499925, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:52.500052, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:52.500171, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:52.500364, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.500427, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6592 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:52.501785, 10] ../lib/util/util.c:415(dump_data) 
[2012/08/30 15:27:52.506085, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.506374, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.506504, 3] smbd/process.c:1662(process_smb) Transaction 25 of length 63 (0 toread) [2012/08/30 15:27:52.506627, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.506689, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6656 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17755 (0x455B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 264 (0x108) smb_vwv[ 6]= 264 (0x108) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 264 (0x108) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.508853, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.508936, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.509063, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.509187, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 264 [2012/08/30 15:27:52.509309, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. [2012/08/30 15:27:52.509456, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.509587, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.509844, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 264 bytes. 
There is more data outstanding [2012/08/30 15:27:52.510060, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=264 max=264 nread=264 [2012/08/30 15:27:52.520165, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:52.520374, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:52.520493, 3] smbd/process.c:1662(process_smb) Transaction 26 of length 132 (0 toread) [2012/08/30 15:27:52.520610, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.520674, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6720 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1288 (0x508) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=61 [2012/08/30 15:27:52.522372, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 15 00 00 ........ ........ [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:52.522753, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.522872, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.522997, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:52.523134, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.523249, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.523365, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.523482, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.523647, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1288 [2012/08/30 15:27:52.523765, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:52.523896, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:52.524031, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:52.524184, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.524302, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.524419, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:52.524537, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:52.524655, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.524771, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:52.524887, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:52.525022, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.525151, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.526669, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.526793, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.527063, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.527187, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:52.527307, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:52.527431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.528916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.529116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.529316, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.529509, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.529649, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.530142, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.530272, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:52.530404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1288 [2012/08/30 15:27:52.530524, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.530776, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:52.532386, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.532573, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.532703, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.532844, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.532906, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6720 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.534270, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:52.534726, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:52.534851, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:52.534997, 3] smbd/process.c:1662(process_smb) Transaction 27 of length 106 (0 toread) [2012/08/30 15:27:52.535115, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.535175, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6785 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) 
smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:52.537388, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:52.537584, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.537702, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.537842, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:52.537958, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:52.538140, 5] smbd/files.c:140(file_new) allocated file structure 13660, fnum = 17756 (2 used) [2012/08/30 15:27:52.538280, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:52.538403, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:52.538527, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:52.538687, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:52.538808, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:52.539585, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:52.539741, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:52.539868, 3] smbd/process.c:1662(process_smb) Transaction 28 of length 45 (0 toread) [2012/08/30 15:27:52.539985, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.540046, 
5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6849 smt_wct=3 smb_vwv[ 0]=17755 (0x455B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:52.541197, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.541267, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.541385, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.541503, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17755 (numopen=2) [2012/08/30 15:27:52.541621, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:52.541762, 5] smbd/files.c:482(file_free) freed files structure 17755 (1 used) [2012/08/30 15:27:52.541881, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.541944, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6849 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:52.542730, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.543297, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:52.543428, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:52.543618, 3] smbd/process.c:1662(process_smb) Transaction 29 of length 228 (0 toread) [2012/08/30 15:27:52.543738, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.543802, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6913 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17756 (0x455C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 
160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:52.545402, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.546229, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.546350, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.546469, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455c name: spoolss len: 160 [2012/08/30 15:27:52.546606, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:52.546724, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:52.546841, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:52.546970, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.547104, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.547221, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.547337, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:52.547457, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.547612, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.547729, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:52.547847, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.547971, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) 
ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.551355, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:52.551523, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.551651, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/08/30 15:27:52.551768, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:52.551888, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.552018, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.553979, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:52.554108, 3] smbd/pipes.c:361(pipe_write_andx_done) 
writeX-IPC nwritten=160 [2012/08/30 15:27:52.555024, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.555166, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.555284, 3] smbd/process.c:1662(process_smb) Transaction 30 of length 63 (0 toread) [2012/08/30 15:27:52.555401, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.555466, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6977 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17756 (0x455C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.557073, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.557140, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.557259, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.557382, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.557503, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:52.557635, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.557759, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.557877, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:52.558662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:52.558798, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:52.558916, 3] smbd/process.c:1662(process_smb) Transaction 31 of length 296 (0 toread) [2012/08/30 15:27:52.559033, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.559094, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7041 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=225 [2012/08/30 15:27:52.560816, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... 
[00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . [2012/08/30 15:27:52.561904, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.562022, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.562144, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:52.562264, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.562380, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.562496, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.562612, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.562746, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:52.562864, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:52.562981, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:52.563098, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:52.563215, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.563338, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.563455, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:52.563607, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 
[2012/08/30 15:27:52.563728, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.563844, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:52.563960, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:52.564230, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.564354, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... 
[2012/08/30 15:27:52.566621, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.566741, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:52.566875, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.566995, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:52.567114, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:52.567236, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:52.569045, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:52.569167, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.569361, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:52.569557, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:52.569753, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:52.570001, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:52.570118, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.570312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.570532, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.570657, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:52.573851, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:52.574037, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:52.574159, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.574281, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.574405, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.574523, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.574641, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.574758, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.574993, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:52.576464, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:52.576661, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.576809, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.576977, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.577120, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.577260, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.577416, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.577631, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:52.579616, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:52.579796, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.579941, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:52.580060, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.580189, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:52.580306, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:52.580480, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:52.580603, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:52.580752, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:52.580875, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.581002, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.581121, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.581244, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.581379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.582144, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.582265, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.582387, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.582507, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.582637, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.582754, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.582901, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:52.583036, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.583158, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.583356, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.583901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.585473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.585696, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.585818, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.585940, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.586062, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.586182, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.586298, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.586450, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.586591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.586713, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.586845, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.586963, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.587105, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.587221, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.587361, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.587550, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.587680, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.587802, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.587920, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.588038, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.588414, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.588551, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.588717, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.588838, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.588960, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.589099, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.589224, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.589341, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.589491, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.589613, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.589765, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.589884, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.590004, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.590120, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.590277, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.590398, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.590519, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.590638, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.590761, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.590878, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.591468, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.591657, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.591782, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.591905, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592025, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592146, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.592306, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592452, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592589, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.592711, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.592834, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.592955, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.593074, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.593193, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.593331, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.593453, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.593652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.594147, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:52.594279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.594711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.594925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.595130, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.595250, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.595388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.596100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.596567, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.596764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.596975, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.597095, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.597213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.597695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.598174, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.598301, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:52.598434, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.598554, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.598680, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:52.600287, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:52.600410, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.600555, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:52.600675, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.600793, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.600855, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7041 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.602236, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 00 00 ........ ..... .. [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:52.605310, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 140 [2012/08/30 15:27:52.605592, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c [2012/08/30 15:27:52.605725, 3] smbd/process.c:1662(process_smb) Transaction 32 of length 144 (0 toread) [2012/08/30 15:27:52.605844, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.605905, 5] lib/util.c:342(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7105 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=73 [2012/08/30 15:27:52.607688, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 20 00 00 . ...... ..... .. [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ [0040] 00 00 00 00 00 00 00 00 00 ........ . 
[2012/08/30 15:27:52.608169, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.608307, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.608449, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2012/08/30 15:27:52.608586, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.608705, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.608833, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.608959, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.609089, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:52.609208, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 56 [2012/08/30 15:27:52.609352, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2012/08/30 15:27:52.609486, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 [2012/08/30 15:27:52.609620, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.609754, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.609873, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 15:27:52.609991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 [2012/08/30 15:27:52.610121, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.610246, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 
15:27:52.610365, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 [2012/08/30 15:27:52.610623, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.610752, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:52.612678, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.612823, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.612990, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.613132, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.613270, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.613395, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2012/08/30 15:27:52.614037, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.614270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.614482, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.614644, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.614785, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.614904, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.615045, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.615196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.616100, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.616224, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.616346, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.616463, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.616597, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.616716, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.616862, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.616996, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.617135, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.617332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.617857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.619529, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.619751, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.619887, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.620032, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.620152, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.620287, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.620428, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.620572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.620708, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.620844, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.620967, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621086, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621206, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.621322, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621471, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621640, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.621758, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.621895, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622028, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622162, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.622295, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622444, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622578, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.622721, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.622872, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.622992, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.623112, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.623231, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.623376, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.623552, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.623702, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.623836, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.624103, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.624223, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.624363, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.624484, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.624622, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.624750, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.624874, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.625007, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.625146, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.625299, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.625435, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.625559, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.625693, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.625814, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.625946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.626100, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.626252, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.626375, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.626510, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.626662, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.626803, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.626937, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.627071, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.627293, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.627562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.628121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.628915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.629129, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.629285, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.629448, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.629572, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.629691, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.629813, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.629948, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.630086, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.630207, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.630345, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.630480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.630602, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.630724, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.630853, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.630972, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.631219, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.631364, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.631598, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.631722, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.631858, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.631990, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.632146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.633732, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.635065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.635279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.635424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.636990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.638412, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.638641, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.638783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.640497, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.641863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.642062, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.642185, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.643564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.644947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.645160, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.645297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.648971, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.650390, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.650613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.650740, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.653853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.655245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.655449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.655622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.657941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.659348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.659585, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.659725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.661342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.662708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.662925, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.663063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.680558, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.681950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.682164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.682290, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.684633, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.685995, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.686195, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.686316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.687762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.689216, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.689416, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.689541, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.690892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.692493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.692698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.692852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.696299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.697772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.697987, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.698117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.700504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.701879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.702103, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.702244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.703472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.705752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.705969, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.706099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.707374, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.709719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.709976, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.710104, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.711427, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.713404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.713614, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.713758, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.715128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.716597, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.717661, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.717829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.719259, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.720739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.720943, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.721079, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.721203, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.721323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.722025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.722853, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.722995, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.723119, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.723238, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.723359, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.723478, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.724508, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.724646, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.724771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.725032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.725590, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.727250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.727469, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.727643, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.727783, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.727917, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.728038, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.728156, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.728329, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.728480, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.728615, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.728773, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729029, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729151, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.729270, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729432, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729582, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.729726, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.729850, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.729977, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.730102, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.730236, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.730386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.730520, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.730642, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.730780, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.730900, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.731037, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.731156, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.731301, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.731439, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.731597, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.731732, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.731853, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.731980, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.732128, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.732426, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.732550, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.732692, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.732813, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.733058, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.733216, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.733419, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.733544, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.733670, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.733800, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.733922, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.734042, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.734202, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.734375, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.734517, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.734642, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.734780, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.734916, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.735051, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.735172, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.735295, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.735564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.736148, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.737458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.737683, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.737805, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.737937, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.738078, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.738229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.738370, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.738486, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.738704, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.738842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.738965, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.739101, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.739223, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.739359, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.739481, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.739626, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.739748, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.739870, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.740006, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.740161, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.740283, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.740444, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.740580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.740725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.741499, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.742830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.743029, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.743151, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.743291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
(5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] 
: 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.760598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.761074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.761273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.761472, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.761610, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.761736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.762262, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.762706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.762925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.763123, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.763247, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.763385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.763964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.764432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.764633, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.764844, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.764986, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.765146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.765654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.766087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.766286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.766496, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.766630, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.766764, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.767348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : NULL needed : * needed : 0x00000308 (776) result : WERR_INSUFFICIENT_BUFFER [2012/08/30 15:27:52.767997, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.768136, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 40 [2012/08/30 15:27:52.768281, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.768417, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2012/08/30 15:27:52.768543, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... 
[2012/08/30 15:27:52.769927, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.770056, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.770221, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2012/08/30 15:27:52.770341, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/08/30 15:27:52.770477, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.770541, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7105 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/08/30 15:27:52.772061, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ [0020] 00 7A 00 00 00 .z... 
[2012/08/30 15:27:52.774980, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1392 [2012/08/30 15:27:52.775193, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x570 [2012/08/30 15:27:52.775316, 3] smbd/process.c:1662(process_smb) Transaction 33 of length 1396 (0 toread) [2012/08/30 15:27:52.775436, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.775558, 5] lib/util.c:342(show_msg) size=1392 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7169 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1308 (0x51C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1308 (0x51C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=1325 [2012/08/30 15:27:52.777333, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:52.780139, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.780425, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.780560, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1308 params=0 setup=2 [2012/08/30 15:27:52.780686, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.780849, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.780971, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.781107, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.781245, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:52.781384, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1308 [2012/08/30 15:27:52.781546, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1308 [2012/08/30 15:27:52.781668, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 [2012/08/30 15:27:52.781805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.781940, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.782062, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 [2012/08/30 15:27:52.782182, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 [2012/08/30 15:27:52.782303, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.782439, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 
[2012/08/30 15:27:52.782574, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 [2012/08/30 15:27:52.782711, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.782839, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x051c (1308) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000504 (1284) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1284
[2012/08/30 15:27:52.791104, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.791247, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:52.791542, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.791682, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.791819, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.791949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=1248
offered : 0x000004e0 (1248) [2012/08/30 15:27:52.799928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.800164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.800375, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.800524, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.800666, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.800800, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.800928, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.801069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.801904, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.802039, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.802175, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.802320, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.802456, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.802574, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.802738, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.802874, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.803006, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.803210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.803761, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.805569, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.805790, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.805911, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.806049, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.806182, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.806303, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.806422, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.806569, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.806722, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.806857, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.806995, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807114, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807249, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.807385, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807560, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807719, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.807855, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.808021, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808138, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808275, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.808394, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808531, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808666, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.808802, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.808925, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.809044, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.809185, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.809305, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.809466, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.809601, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.809723, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.809857, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.809978, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.810111, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.810382, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.810509, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.810650, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.810771, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.810893, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.811019, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.811175, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.811327, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.811449, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.811767, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.811902, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.812040, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.812184, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.812353, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.812512, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.812653, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.812791, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.814654, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.814813, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.814936, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.815074, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.815198, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.815414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.816155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.816920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.817125, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.817259, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.817405, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.817543, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.817665, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.817787, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.817906, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.818042, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.818178, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.818315, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.818437, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.818558, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.818694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.818816, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.818952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.819074, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.819209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.819329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.819464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.819648, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.819771, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.826429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.828244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.829843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.830065, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.830209, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.831704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.833147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.833370, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.833511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.835568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.836981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.837180, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.837354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.838767, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.840379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.840590, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.840722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.844422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.845860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.846078, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.846219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.848331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.849618, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.849853, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.849977, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.852266, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.853576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.853770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.853890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.855426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.856784, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.856982, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.857103, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.873534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.875348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.876533, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.876662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.878769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.880076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.880274, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.880438, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.881769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.883045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.883240, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.883361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.884768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.886129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.886329, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.886458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.889346, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.890649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.890845, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.890967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.893077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.894717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.894936, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.895063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.896321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.897662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.897870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.897997, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.899219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.900757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.900955, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.901077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.902323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.903671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.903870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.904029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.905339, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.906651, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.906862, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.906983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.908418, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.909679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.909879, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.910001, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.910122, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.910338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.911039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.912021, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.912146, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.912268, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.912385, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.912519, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.912635, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.912781, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.912919, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.913042, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.913240, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.913747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.915741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.915993, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.916132, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.916277, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.916394, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.916515, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.916631, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.916778, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.916979, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.917099, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.917220, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917341, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917461, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.917578, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917718, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917853, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.917971, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.918095, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918211, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918329, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.918446, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918598, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918732, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.918852, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.918976, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.919092, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.919210, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.919343, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.919487, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.919637, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.919785, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.919903, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.920050, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.920167, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.920310, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.920433, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.920554, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.920671, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.920789, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.920907, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.921044, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.921180, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.921301, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.921422, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.921539, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.921660, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.921775, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.921913, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.922066, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.922187, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.922305, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.922434, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.922558, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.922677, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.922794, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.922916, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.923111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.923805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.925048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.925247, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.925385, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.925504, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.925625, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.925782, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.925903, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.926023, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.926145, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.926265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.926385, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.926505, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.926630, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.926878, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.927003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.927123, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.927243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.927365, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.927484, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.928445, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.928568, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.928688, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.928807, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.928933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.929719, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.930970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.931170, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.931295, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.931422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248)
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.947832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.948409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.948643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.948837, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.948963, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.949082, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.949602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.950045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.950260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.950464, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.950589, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.950708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.951215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.951704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.951906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.952139, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.952262, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.952380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.952887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.953320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.953526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.953726, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.953845, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.953964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.954550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:52.972656, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.972795, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 1292 [2012/08/30 15:27:52.972956, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.973183, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. [2012/08/30 15:27:52.973310, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0508 (1288) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000004f0 (1264) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1264
[2012/08/30 15:27:52.981784, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes.
There is more data outstanding [2012/08/30 15:27:52.981915, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:52.982036, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:52.982188, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:52.982308, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.982370, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7169 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:52.983770, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:52.987275, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.987521, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.987669, 3] smbd/process.c:1662(process_smb) Transaction 34 of length 63 (0 toread) [2012/08/30 15:27:52.987790, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.987852, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7233 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17756 (0x455C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 264 (0x108) smb_vwv[ 6]= 264 (0x108) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 264 (0x108) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.989647, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.989713, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.989851, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.989974, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 264 [2012/08/30 15:27:52.990095, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. [2012/08/30 15:27:52.990218, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.990350, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.990667, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 264 bytes. 
There is more data outstanding [2012/08/30 15:27:52.990956, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=264 max=264 nread=264 [2012/08/30 15:27:52.991691, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:52.991866, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:52.992024, 3] smbd/process.c:1662(process_smb) Transaction 35 of length 132 (0 toread) [2012/08/30 15:27:52.992154, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.992222, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7297 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1288 (0x508) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=61 [2012/08/30 15:27:52.994990, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 20 00 00 ........ ..... .. [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:52.995364, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.995488, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.996590, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:52.996713, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.996831, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.996948, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.997067, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.997186, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1288 [2012/08/30 15:27:52.997307, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:52.997426, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:52.997544, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:52.997662, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.997791, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.997909, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:52.998026, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:52.998146, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.999075, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:52.999201, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:52.999322, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.999447, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.007793, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.010742, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:53.010895, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.011039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:53.011177, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:53.011315, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:53.011754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.012001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.012418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.012616, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.012779, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.013256, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.013398, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:53.013535, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1288 [2012/08/30 15:27:53.013656, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:53.013781, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:53.015362, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.015496, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:53.015618, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.015748, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.015811, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7297 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.017261, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:53.018646, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:53.018827, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:53.018951, 3] smbd/process.c:1662(process_smb) Transaction 36 of length 45 (0 toread) [2012/08/30 15:27:53.019228, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.019292, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7361 smt_wct=3 smb_vwv[ 0]=17756 (0x455C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:53.020594, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.020673, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.020800, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.020925, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17756 (numopen=1) 
[2012/08/30 15:27:53.021047, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:53.021227, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \spoolss [2012/08/30 15:27:53.021355, 5] smbd/files.c:482(file_free) freed files structure 17756 (0 used) [2012/08/30 15:27:53.021476, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.021538, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7361 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:53.022316, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.054530, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:53.054740, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:53.054863, 3] smbd/process.c:1662(process_smb) Transaction 37 of length 106 (0 toread) [2012/08/30 15:27:53.054981, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.055074, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7425 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:53.057458, 10] ../lib/util/util.c:415(dump_data) [0000] FF 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:53.057657, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.057794, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.057920, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:53.058042, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:53.058167, 5] smbd/files.c:140(file_new) allocated file structure 13661, fnum = 17757 (1 used) [2012/08/30 15:27:53.058290, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:53.058430, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:53.058572, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/30 15:27:53.058689, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/30 15:27:53.058820, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:53.058956, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:53.062128, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:53.062460, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:53.062583, 3] smbd/process.c:1662(process_smb) Transaction 38 of length 76 (0 toread) [2012/08/30 15:27:53.062702, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.062764, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 
smb_pid=1080 smb_uid=100 smb_mid=7489 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:53.065224, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 5D 45 ED 03 ...]E.. [2012/08/30 15:27:53.065364, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.065501, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.065739, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:53.065863, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:53.065981, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.066043, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7489 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:53.067480, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/08/30 15:27:53.069332, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:53.069591, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:53.069710, 3] smbd/process.c:1662(process_smb) Transaction 39 of length 228 (0 toread) [2012/08/30 15:27:53.069827, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.069888, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7553 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17757 (0x455D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:53.072100, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:53.073391, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.073636, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.073892, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455d name: spoolss len: 160 [2012/08/30 15:27:53.074015, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:53.074134, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:53.074251, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:53.074368, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.074485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.074602, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.074718, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:53.074854, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.074970, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.075086, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:53.075204, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:53.075361, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.078634, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:53.078757, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.078875, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:53.078992, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:53.079112, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.079239, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.081473, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:53.081619, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:53.082724, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:53.082899, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:53.083018, 3] smbd/process.c:1662(process_smb) Transaction 40 of length 63 (0 toread) [2012/08/30 15:27:53.083145, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.083207, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7617 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17757 (0x455D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:53.084782, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.084858, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.085022, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.085147, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.085271, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:53.085479, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.085615, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:53.085738, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:53.086609, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:53.086823, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:53.086943, 3] smbd/process.c:1662(process_smb) Transaction 41 of length 296 (0 toread) [2012/08/30 15:27:53.087060, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.087122, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7681 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17757 (0x455D) smb_bcc=225 [2012/08/30 15:27:53.089874, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:53.091038, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.091158, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.091293, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:53.091414, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.091729, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.091854, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.091970, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455d) [2012/08/30 15:27:53.092089, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:53.092207, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:53.092326, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:53.092461, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:53.092579, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.092696, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.092812, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:53.092928, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:53.093616, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.093734, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:53.093850, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:53.093985, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.094109, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 08 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:53.096618, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.096742, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:53.096892, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.097019, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:53.097156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:53.097303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:53.099315, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:53.099529, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.099789, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:53.099990, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:53.100229, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:53.100557, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:53.100720, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.100947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.101192, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.101358, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:53.105633, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:53.105834, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:53.105985, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.106125, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.106252, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.106392, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.106522, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.106658, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.106920, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:53.108625, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:53.108829, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.108973, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.109133, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.109273, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.109417, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.109561, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.109789, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:53.112183, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:53.112455, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.112595, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:53.112720, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.112873, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:53.113006, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:53.113167, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:53.113295, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:53.113432, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:53.113565, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.113709, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.113835, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.113994, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.114165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.115045, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.115188, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.115315, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.115435, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.115642, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.115780, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.115965, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:53.116105, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.116436, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.116661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.117230, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.118959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.119199, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.119324, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.119463, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.119647, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.119786, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.119922, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.120080, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.120252, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.120377, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.120500, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.120637, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.120775, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.120911, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.121085, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.121251, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.121401, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.121545, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.121681, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.121817, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.121946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.122104, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.122256, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.122381, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.122520, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.122668, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.122793, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.122914, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.123076, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.123201, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.123341, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.123472, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.124092, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.124234, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.124416, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.124557, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.124699, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.124830, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.124974, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.125103, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.125266, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.125451, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.125594, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.125720, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.125856, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.125993, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.126128, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.126285, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.126427, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.126568, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.126731, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.126869, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.127022, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.127152, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.127289, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.127428, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.127654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.128373, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:53.128532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.129008, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.129355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.129606, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.129728, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:53.129866, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.130444, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.130901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.131117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.131345, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.131475, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:53.131622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.132208, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.132797, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.132951, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:53.133097, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.133230, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:53.133365, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:53.134972, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:53.135137, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:53.135303, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:53.135442, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.135621, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.135701, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7681 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.137281, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2B 00 00 ........ .....+.. [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:53.140284, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/08/30 15:27:53.140517, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/08/30 15:27:53.140651, 3] smbd/process.c:1662(process_smb) Transaction 42 of length 4244 (0 toread) [2012/08/30 15:27:53.140798, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.140878, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7745 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17757 (0x455D) smb_bcc=4173 [2012/08/30 15:27:53.142728, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:53.145629, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.145782, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.145930, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2 [2012/08/30 15:27:53.146086, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.146221, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.146352, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.146488, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455d) [2012/08/30 15:27:53.146631, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:53.146772, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2012/08/30 15:27:53.146896, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2012/08/30 15:27:53.147031, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2012/08/30 15:27:53.147168, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.147304, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.147450, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/08/30 15:27:53.147623, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2012/08/30 15:27:53.147787, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.147925, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 
[2012/08/30 15:27:53.148044, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2012/08/30 15:27:53.148183, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.148343, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132
[0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... 
[2012/08/30 15:27:53.173836, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.173987, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:53.174135, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.174278, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:53.174440, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:53.174588, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-3f50-b9beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096
offered : 0x00001000 (4096) [2012/08/30 15:27:53.198856, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.199116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.199340, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.199495, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.199706, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.199992, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.200153, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.200313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.201204, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.201344, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.201471, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.201594, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.201753, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit 
[2012/08/30 15:27:53.201889, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.202056, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:53.202195, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.202346, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.202575, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.203164, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.205061, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.205351, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.205503, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.205642, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.205794, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.205932, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.206067, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.206246, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.206411, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.206579, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.206734, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.206856, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.207007, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.207130, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.207284, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.207435, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.207632, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.207823, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.207954, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.208097, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.208235, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.208394, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.208548, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.208673, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.208799, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.208989, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.209149, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.209284, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.209466, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.209606, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.209733, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.209877, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.210030, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.210171, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.210369, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.210511, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.210654, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.210777, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.210916, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.211051, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.211211, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.211387, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.211599, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.211900, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.212033, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.212180, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.212302, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.212471, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.212632, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.212799, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.212944, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.213084, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.213219, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.213365, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.213490, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.213630, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.213839, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.214430, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:53.215243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.215460, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:53.215680, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.215883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:53.216042, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:53.216170, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:53.216292, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:53.216431, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:53.216586, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:53.216724, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:53.216864, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:53.217231, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:53.217373, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:53.217498, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:53.217651, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:53.217804, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:53.217929, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:53.218067, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:53.218205, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:53.218330, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:53.218496, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:53.218625, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.218793, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:53.220612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.222164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.222384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.222528, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.224226, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.225750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.225958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.226084, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:53.227955, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.229498, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.229769, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.229935, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.231489, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.233750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.233982, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.234124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:53.238108, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.239697, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.240022, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.240186, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.242579, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.244025, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.244282, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.244410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:53.246883, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.248589, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.248850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.249010, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.250516, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.252017, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.252293, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.252455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:53.270973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.273064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.273273, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.273414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.275965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.277488, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.277714, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.277863, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.279433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.281060, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.281306, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.281450, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.282980, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.284640, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.284858, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.285010, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:53.288183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.289749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.289980, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.290233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.293992, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.295714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.295955, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.296090, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:53.297475, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.299026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.299255, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.299442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:53.300874, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.302356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.302602, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.302749, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:53.304155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.305674, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.305875, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.306014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.308718, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.310247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.310502, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.310652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.312327, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:53.313717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.313978, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.314125, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:53.314268, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:53.314408, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:53.315220, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.316285, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.316441, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.316567, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.316702, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.316842, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.316964, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.317116, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:53.317270, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.317399, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.317666, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.318286, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.320517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.320750, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.320889, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:53.321046, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.321245, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.321384, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.321503, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.321683, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.321837, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.321976, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.322117, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.322255, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.322410, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.322540, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.322704, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.322858, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.323015, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:53.323170, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.323293, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.323479, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.323653, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.323799, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.323939, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.324077, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.324275, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.324400, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.324554, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.324689, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.324877, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.325016, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.325158, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.325295, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.325434, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.325569, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.325817, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.325949, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:53.326091, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.326220, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.326341, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.326493, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.326650, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.326805, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.326942, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:53.327115, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.327242, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.327365, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.327567, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.327762, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.327924, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.328106, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:53.328250, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:53.328375, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.328524, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.328649, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.328772, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.328925, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.329139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.329947, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:53.331285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.331547, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.331690, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:53.331834, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:53.331974, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.332289, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:53.332447, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:53.332574, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:53.332712, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:53.332834, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:53.333004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:53.333166, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:53.333293, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:53.333417, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:53.333557, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:53.333695, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:53.333835, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:53.333974, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:53.334112, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:53.334237, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:53.334375, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:53.334513, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:53.334665, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:53.334805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:53.335636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:53.336999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.337214, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.337334, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:53.337471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:53.354377, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.354811, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.355026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.355248, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.355394, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.355543, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.356210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.356644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.356858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.357056, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.357190, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.357310, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.357843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.358287, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.358514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.358740, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.358869, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:53.358989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.359489, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.359967, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.360192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.360421, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.360555, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:53.360675, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.361294, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:53.380853, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.380993, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/08/30 15:27:53.381172, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.381294, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/08/30 15:27:53.381422, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112
[2012/08/30 15:27:53.404320, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2012/08/30 15:27:53.404475, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:53.404601, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:53.404740, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:53.404931, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.405017, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7745 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:53.406494, 10] ../lib/util/util.c:415(dump_data)
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:53.412603, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:53.412864, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:53.412986, 3] smbd/process.c:1662(process_smb) Transaction 43 of length 63 (0 toread) [2012/08/30 15:27:53.413115, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.413182, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7809 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17757 (0x455D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3112 (0xC28) smb_vwv[ 6]= 3112 (0xC28) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3112 (0xC28) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:53.414716, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.414783, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.414923, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.415063, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3112 [2012/08/30 15:27:53.415204, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2012/08/30 15:27:53.415344, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:53.415480, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:53.415649, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. 
There is more data outstanding [2012/08/30 15:27:53.415772, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3112 max=3112 nread=3112 [2012/08/30 15:27:53.419711, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:53.419968, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:53.420091, 3] smbd/process.c:1662(process_smb) Transaction 44 of length 132 (0 toread) [2012/08/30 15:27:53.420333, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.420396, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7873 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17757 (0x455D) smb_bcc=61 [2012/08/30 15:27:53.423124, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 2B 00 00 ........ .....+.. [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:53.424356, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.424489, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.424617, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:53.424739, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.424856, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.424975, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.425093, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455d) [2012/08/30 15:27:53.425212, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 4136 [2012/08/30 15:27:53.425372, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:53.426408, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:53.426541, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:53.426660, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.426780, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.426897, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:53.427569, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:53.427705, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.427966, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:53.428249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:53.428371, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.428515, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.431362, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.431568, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:53.431721, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.431843, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:53.431964, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:53.432084, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.432640, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.432886, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.433078, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.433333, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.433454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.434050, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.434173, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:53.434354, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/08/30 15:27:53.434474, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:53.434601, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:53.436799, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.436937, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:53.437057, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.437179, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.437242, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7873 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.439346, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:53.440711, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:53.440857, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:53.440993, 3] smbd/process.c:1662(process_smb) Transaction 45 of length 106 (0 toread) [2012/08/30 15:27:53.441111, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.441177, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7936 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) 
smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:53.443333, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:53.443553, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.443684, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.443839, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:53.444001, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:53.444129, 5] smbd/files.c:140(file_new) allocated file structure 13662, fnum = 17758 (2 used) [2012/08/30 15:27:53.444254, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:53.444399, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:53.444526, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:53.444671, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:53.444795, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:53.445878, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:53.446055, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:53.446178, 3] smbd/process.c:1662(process_smb) Transaction 46 of length 45 (0 toread) [2012/08/30 15:27:53.446334, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.446409, 
5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8000 smt_wct=3 smb_vwv[ 0]=17757 (0x455D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:53.447466, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.447566, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.447695, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.447868, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17757 (numopen=2) [2012/08/30 15:27:53.447993, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:53.448150, 5] smbd/files.c:482(file_free) freed files structure 17757 (1 used) [2012/08/30 15:27:53.448270, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.448332, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8000 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:53.449292, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.451486, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:53.451912, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:53.452035, 3] smbd/process.c:1662(process_smb) Transaction 47 of length 228 (0 toread) [2012/08/30 15:27:53.452235, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.452330, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8064 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17758 (0x455E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 
160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:53.454126, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2012/08/30 15:27:53.454994, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.455203, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.455324, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455e name: spoolss len: 160 [2012/08/30 15:27:53.455443, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:53.455618, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:53.455766, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:53.455890, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.456008, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.456156, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.458404, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:53.458544, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.458661, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.458777, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:53.458896, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.459022, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) 
ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.463119, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:53.463258, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.463382, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/08/30 15:27:53.463558, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:53.463700, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.467516, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.469307, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:53.469417, 3] smbd/pipes.c:361(pipe_write_andx_done) 
writeX-IPC nwritten=160 [2012/08/30 15:27:53.470625, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:53.470758, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:53.470880, 3] smbd/process.c:1662(process_smb) Transaction 48 of length 63 (0 toread) [2012/08/30 15:27:53.471025, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.471090, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17758 (0x455E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:53.473002, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.473061, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.473166, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.473258, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.473370, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:53.473463, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.473568, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. 
There is no more data outstanding [2012/08/30 15:27:53.473667, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:53.476838, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:53.477088, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:53.477289, 3] smbd/process.c:1662(process_smb) Transaction 49 of length 296 (0 toread) [2012/08/30 15:27:53.477540, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.477652, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8192 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17758 (0x455E) smb_bcc=225 [2012/08/30 15:27:53.480615, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... 
[00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . [2012/08/30 15:27:53.482528, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.482806, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.483038, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:53.483283, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.483493, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.483872, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.484089, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455e) [2012/08/30 15:27:53.484322, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:53.484530, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:53.484760, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:53.484960, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:53.485177, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.485386, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.485585, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:53.485786, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 
[2012/08/30 15:27:53.485986, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.486186, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:53.486380, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:53.486579, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.486783, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... 
[2012/08/30 15:27:53.487908, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.487926, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:53.487943, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.487959, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:53.487974, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:53.487989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:53.488350, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:53.488505, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.488746, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:53.488942, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:53.489171, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:53.489471, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:53.489606, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.489836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.490059, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.490199, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:53.492776, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:53.492960, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:53.493081, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.493206, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.493331, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.493451, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.493569, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.493691, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.493900, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:53.495198, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:53.495316, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.495422, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.495646, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.495767, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.495887, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.496006, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.496205, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:53.498269, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:53.498444, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.498571, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:53.498690, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.498821, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:53.498938, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:53.499057, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:53.499178, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:53.499311, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:53.500243, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.500386, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.500521, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.500688, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.500838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.501635, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.501789, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.501924, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.502053, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.502184, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.502328, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.502484, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:53.502629, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.502759, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.502974, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.503479, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.505083, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.505287, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.505420, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.505541, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.505657, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.505774, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.505889, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.506029, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.506161, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.506279, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.506398, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.506517, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.506634, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.506750, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.506883, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.507030, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.507149, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.507268, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.507385, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.507598, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.507719, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.507877, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.508011, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.508132, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.508252, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.508369, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.508487, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.508693, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.508843, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.508969, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.509335, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.509471, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.511495, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.512285, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.512462, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.512609, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.512749, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.512888, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.513043, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.513175, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.513332, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.513486, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.513622, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.513758, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.513890, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.514023, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.514152, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.514311, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.514468, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.514604, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.514732, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.514854, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.514972, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.515091, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.515210, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.515330, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 3F 50 B9 BE ....4... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.515748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.516809, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:53.516943, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.517409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 3F 50 B9 BE ....4... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.517608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 3F 50 B9 BE ....4... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.517803, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.517940, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:53.518059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.518536, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.518946, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.519141, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.519336, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.519455, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:53.519628, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.520172, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.520692, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.520827, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:53.520950, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.521066, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.521182, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.521387, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:53.521515, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.521633, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
[2012/08/30 15:27:53.521756, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ [2012/08/30 15:27:53.523108, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:53.523227, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:53.523351, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:53.523470, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.523618, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.523680, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8192 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.525241, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 32 00 00 ........ .....2.. [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:53.529401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/08/30 15:27:53.529854, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/08/30 15:27:53.529999, 3] smbd/process.c:1662(process_smb) Transaction 50 of length 4244 (0 toread) [2012/08/30 15:27:53.530129, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.530203, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8256 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17758 (0x455E) smb_bcc=4173 [2012/08/30 15:27:53.532428, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 32 00 00 .$...... .....2.. [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 02 00 00 .....?P. ........ [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2012/08/30 15:27:53.535555, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.535700, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.535820, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:53.539034, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 
supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:53.539451, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:53.539626, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2 [2012/08/30 15:27:53.539747, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.539862, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.540011, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.540130, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455e) [2012/08/30 15:27:53.540437, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:53.540560, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2012/08/30 15:27:53.540678, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2012/08/30 15:27:53.540795, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2012/08/30 15:27:53.540908, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.541116, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.541233, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/08/30 15:27:53.541349, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2012/08/30 15:27:53.541467, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.541583, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/08/30 
15:27:53.541698, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2012/08/30 15:27:53.541820, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.541946, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132
[2012/08/30 15:27:53.563254, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.563389, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:53.563592, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.563720, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:53.563862, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:53.563987, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-3f50-b9beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096
offered : 0x00001000 (4096) [2012/08/30 15:27:53.585286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.585493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.585686, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.585816, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.585941, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.586059, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.586183, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.586320, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.587086, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.587205, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.587326, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.587443, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.587609, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit 
[2012/08/30 15:27:53.587732, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.587908, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:53.588041, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.588195, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.588404, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.588901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.590509, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.590717, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.590837, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.591149, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.591278, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.591398, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.591561, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.591728, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.591862, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.591982, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.592122, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.592248, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.592367, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.592484, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.592618, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.592749, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.593228, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.593366, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.593485, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.593606, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.593723, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.593865, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.594002, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.594123, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.594246, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.594368, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.594487, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.594604, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.594754, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.594874, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.594996, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.595113, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.595238, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.595544, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.595701, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.595863, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.595984, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.596102, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.596221, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.596338, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.596488, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.596642, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.596762, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.596882, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.596999, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.597117, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.597237, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.597375, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.597510, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.597631, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.597763, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.597887, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.598004, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.598122, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.598240, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.598359, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.598556, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.599064, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:53.600626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.600841, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:53.600961, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.601103, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:53.601223, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:53.601342, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:53.601461, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:53.601579, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:53.601698, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:53.601833, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:53.601952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:53.602071, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:53.602190, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:53.602308, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:53.602428, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:53.602547, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:53.602666, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:53.602785, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:53.602904, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:53.603025, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:53.603144, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:53.603263, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.603399, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:53.604946, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.606239, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.606457, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.606580, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.607926, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.609379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.609574, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.609695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:53.611380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.612998, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.613205, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.613330, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.614657, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.615989, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.616189, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.616312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:53.619635, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.621156, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.621353, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.621475, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.623471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.624806, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.625000, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.625121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:53.627341, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.628706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.628902, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.629024, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.630330, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.631937, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.632150, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.632273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:53.648097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.649400, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.649595, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.649735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.652697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.653981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.654176, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.654297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.655641, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.657071, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.657268, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.657396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.658716, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.660066, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.660263, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.660438, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:53.663019, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.664319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.664514, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.664634, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.666652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.668123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.668356, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.668481, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:53.669647, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.670953, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.671153, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.671273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:53.672730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.674003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.674279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.674401, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:53.675596, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.677073, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.677290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.677412, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.678700, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.680173, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.680376, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.680496, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.681810, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:53.682970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.683166, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.683286, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:53.683409, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:53.683572, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:53.684277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.685056, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.685178, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.685299, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.685417, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.685536, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.685653, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.685801, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:53.685935, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.686057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.686276, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.686775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.688380, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.688583, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.688702, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:53.688833, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.688949, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.689067, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.689183, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.689327, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.689460, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.689634, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.689756, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.689873, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.689990, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.690105, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.690239, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.690371, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.690489, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:53.690612, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.690728, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.690845, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.690961, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.691092, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.691224, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.691570, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.691692, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.691835, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.691954, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.692193, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.692339, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.693692, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.693821, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.693940, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.694062, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.694178, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.694327, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.694446, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:53.694567, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.694683, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.694801, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.694916, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.695051, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.695204, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.695322, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:53.695481, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.699007, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.699141, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.699278, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.699430, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.699598, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.699945, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:53.700093, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:53.700214, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.700337, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.700513, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.700633, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.700755, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.700954, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.701771, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:53.703105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.703319, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.703444, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:53.707159, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:53.707487, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.708638, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:53.708873, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:53.709094, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:53.709287, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:53.709459, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:53.709647, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:53.710671, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:53.711262, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:53.711480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:53.711650, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:53.715911, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:53.716085, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:53.716243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:53.716383, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:53.716550, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:53.716686, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:53.716842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:53.717202, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:53.717355, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:53.719340, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:53.721004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.721281, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.721423, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:53.721552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:53.739517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.740706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.740941, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:53.741160, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.741281, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.741409, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.741980, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.742428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.742641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.742856, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.742998, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.743133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.743684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.744167, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.744367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.744621, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.744746, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:53.744879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.745406, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.745871, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.746063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.746287, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.746408, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:53.746559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.747161, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:53.766865, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.767003, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/08/30 15:27:53.767191, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.767311, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/08/30 15:27:53.767436, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112
[0DD0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ [0DE0] 00 00 00 05 15 00 00 00 1B EA AF C2 C0 3C 7D DD ........ .....<}. [0DF0] 2C 8F 72 D3 00 02 00 00 00 09 18 00 0C 00 0F 10 ,.r..... ........ [0E00] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... [0E10] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ [0E20] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... [0E40] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ [0E50] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ [0E60] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ [0E70] 20 00 00 00 20 02 00 00 5C 00 5C 00 6F 00 72 00 ... ... \.\.o.r. [0E80] 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F 00 a.n.g.e. \.H.P._. [0E90] 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 00 4.5.1.5. ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 01 04 00 04 DC 00 00 00 ........ ........ [0EC0] 13 47 01 00 01 00 01 00 00 00 00 00 64 00 01 00 .G...... ....d... [0ED0] 0F 00 FC FF 01 00 01 00 00 00 03 00 00 00 4C 00 ........ ......L. [0EE0] 65 00 74 00 74 00 65 00 72 00 00 00 00 00 00 00 e.t.t.e. r....... [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 52 00 41 00 57 00 00 00 77 00 ......R. A.W...w. [0F60] 69 00 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 i.n.p.r. i.n.t... [0F70] 00 00 00 00 63 00 75 00 70 00 73 00 20 00 70 00 ....c.u. p.s. .p. 
[2012/08/30 15:27:53.788983, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2012/08/30 15:27:53.789115, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:53.789235, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:53.789353, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:53.789472, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.789551, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8256 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:53.790887, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:53.794648, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:53.794837, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:53.794956, 3] smbd/process.c:1662(process_smb) Transaction 51 of length 63 (0 toread) [2012/08/30 15:27:53.795074, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.795135, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8320 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17758 (0x455E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3112 (0xC28) smb_vwv[ 6]= 3112 (0xC28) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3112 (0xC28) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:53.796637, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.796704, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.796823, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.796945, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3112 [2012/08/30 15:27:53.797086, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2012/08/30 15:27:53.797207, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:53.797336, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:53.797467, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. 
There is more data outstanding [2012/08/30 15:27:53.797602, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3112 max=3112 nread=3112 [2012/08/30 15:27:53.805550, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:53.805745, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:53.805886, 3] smbd/process.c:1662(process_smb) Transaction 52 of length 106 (0 toread) [2012/08/30 15:27:53.806004, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.806065, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8384 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:53.808406, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:53.808612, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.808735, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.808911, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:53.809036, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:53.809158, 5] smbd/files.c:140(file_new) allocated file structure 13663, fnum = 17759 (2 used) [2012/08/30 15:27:53.809303, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:53.809433, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:53.809593, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:53.809756, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:53.809908, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:53.811015, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:53.811164, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:53.811437, 3] smbd/process.c:1662(process_smb) Transaction 53 of length 228 (0 toread) [2012/08/30 15:27:53.811612, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.811673, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8448 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17759 (0x455F) smb_vwv[ 3]= 0 (0x0) 
smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:53.813250, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:53.814074, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.814193, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.814312, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455f name: spoolss len: 160 [2012/08/30 15:27:53.814431, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:53.814568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:53.814696, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:53.814814, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.814945, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.815084, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.815200, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:53.815318, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.815473, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.815609, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:53.815728, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:53.815878, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.819137, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:53.819281, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.819420, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:53.820405, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:53.820543, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.820697, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.822567, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:53.822704, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:53.823920, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:53.824210, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:53.824331, 3] smbd/process.c:1662(process_smb) Transaction 54 of length 63 (0 toread) [2012/08/30 15:27:53.824448, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.824509, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17759 (0x455F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:53.826328, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.826393, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.826512, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.826637, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.826767, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:53.826887, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.827028, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:53.827146, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:53.827611, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:53.827803, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:53.828007, 3] smbd/process.c:1662(process_smb) Transaction 55 of length 296 (0 toread) [2012/08/30 15:27:53.828246, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.828309, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17759 (0x455F) smb_bcc=225 [2012/08/30 15:27:53.830003, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:53.831213, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.831336, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.831459, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:53.831611, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.831770, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.831887, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.832007, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455f) [2012/08/30 15:27:53.832129, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:53.832250, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:53.832368, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:53.832498, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:53.832646, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.832764, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.832892, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:53.833026, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:53.833150, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.833266, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:53.833381, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:53.833516, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.833637, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [2012/08/30 15:27:53.836049, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.836168, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:53.836303, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.836422, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:53.836558, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:53.836681, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:53.838454, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:53.838595, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.838790, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:53.839025, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:53.839229, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:53.839481, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/08/30 15:27:53.839641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.839846, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.840071, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.840196, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:53.843296, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:53.843485, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:53.843624, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.843750, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.843873, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.844004, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.844121, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.844240, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.844454, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:53.845535, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:53.845707, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.845828, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.845950, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.846070, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.846188, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.846304, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.846510, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:53.847898, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:53.848051, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.848179, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:53.848297, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.848425, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:53.848560, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:53.848679, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:53.848799, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:53.848920, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:53.849044, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.849168, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.849285, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.849407, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.849566, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.850337, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.850458, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.850578, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.850704, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.850838, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.850954, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.851096, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:53.851255, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.851377, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.851637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.852163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.853716, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.853928, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.854046, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.854166, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.854285, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.854403, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.854519, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.854676, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.854827, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.854952, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.855072, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.855200, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.855326, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.855443, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.855665, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.855798, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.855917, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.856053, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.856170, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.856288, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.856403, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.856551, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.856683, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.856802, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.856922, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.857056, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.857173, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.857289, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.857433, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.857553, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.857673, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.857791, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.857912, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.858029, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.858168, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.858308, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.858437, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.858555, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.858674, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.858803, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.858946, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.859083, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.859205, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.859326, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.859623, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.859746, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.859862, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.860003, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.860139, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.860278, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.860398, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.860518, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.860640, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.860761, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.860881, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.861002, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 3F 50 B9 BE ....;... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.861222, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.861718, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:53.861853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.862287, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 3F 50 B9 BE ....;... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.862502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 3F 50 B9 BE ....;... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.862706, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.862825, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:53.862961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.863483, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.863915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.864109, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.864320, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.864436, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:53.864554, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.865069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.865541, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.865664, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:53.865792, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.865910, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:53.866037, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:53.867426, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:53.867946, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:53.868091, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:53.868229, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.868348, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.868409, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.870212, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 39 00 00 ........ .....9.. [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:53.872859, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/08/30 15:27:53.873021, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/08/30 15:27:53.873159, 3] smbd/process.c:1662(process_smb) Transaction 56 of length 4244 (0 toread) [2012/08/30 15:27:53.873276, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.873337, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8640 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17759 (0x455F) smb_bcc=4173 [2012/08/30 15:27:53.875098, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:53.877557, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.877700, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.877827, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2 [2012/08/30 15:27:53.877966, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.878081, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.878199, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.878318, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455f) [2012/08/30 15:27:53.878436, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:53.878558, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2012/08/30 15:27:53.878679, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2012/08/30 15:27:53.878801, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2012/08/30 15:27:53.878921, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.879038, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.879155, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2012/08/30 15:27:53.879291, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2012/08/30 15:27:53.879410, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.879557, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4140 
[2012/08/30 15:27:53.879690, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2012/08/30 15:27:53.879822, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.879948, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132
[0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... 
[2012/08/30 15:27:53.905882, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.906014, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:53.906137, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.906259, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:53.906381, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:53.906504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-3f50-b9beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096
offered : 0x00001000 (4096) [2012/08/30 15:27:53.928958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.929205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.929403, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.929555, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.929682, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.929802, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.929929, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.930066, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.930932, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.931056, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.931181, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.931308, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.931426, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit 
[2012/08/30 15:27:53.931603, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.931911, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:53.932044, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.932177, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.932378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.932872, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.934402, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.934603, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.934721, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.934840, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.934974, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.935092, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.935207, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.935347, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.935479, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.935610, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.935778, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.935894, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.936011, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.936129, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.936263, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.936394, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.936511, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.936648, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.936764, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.936881, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.936996, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.937130, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.937263, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.937381, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.937518, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.937635, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.937752, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.937868, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.938014, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.938133, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.938253, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.938370, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.938506, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.938621, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.938758, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.938879, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.938999, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.939181, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.939328, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.939446, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.939649, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.939788, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.939907, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.940055, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.940189, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.940308, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.940424, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.940563, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.940733, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.940854, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.940973, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.941111, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.941229, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.941347, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.941465, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.941600, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.941794, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.942282, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:53.943054, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.943288, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:53.943415, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.943580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:53.943720, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:53.943840, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:53.943959, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:53.944077, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:53.944216, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:53.944335, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:53.944455, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:53.944576, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:53.944695, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:53.944814, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:53.944933, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:53.945057, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:53.945176, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:53.945295, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:53.945414, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:53.945535, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:53.945654, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:53.945773, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.945909, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:53.947472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.948789, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.948988, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.949119, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.950477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.951864, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.952059, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.952197, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:53.953746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.955065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.955404, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.955553, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.956885, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.958160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.958354, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.958474, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:53.962868, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.964243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.964444, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.964588, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.966615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.968068, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.968266, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.968388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:53.970565, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.971932, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.972129, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.972251, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.973552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.975094, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.975290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.975427, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:53.991769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.993123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.993332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.993465, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:53.995567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.996900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.997103, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.997228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:53.998559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:53.999884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.000096, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.000216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.001550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.002824, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.003018, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.003141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:54.006654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.008118, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.008314, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.008436, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:54.010521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.011951, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.012171, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.012296, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:54.013499, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.014835, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.015032, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.015153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:54.016670, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.017960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.018157, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.018277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:54.019493, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.020876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.021073, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.021196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.022511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.023868, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.024065, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.024203, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.025552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.026735, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.026934, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.027053, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.027174, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:54.027292, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:54.028158, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.028951, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.029074, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.029195, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.029334, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.029453, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.029568, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.029715, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:54.029847, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.029969, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.030182, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.030696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-3f50-babeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.032308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.032526, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:54.032647, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:54.032771, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:54.032888, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:54.033008, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.033124, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:54.033291, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:54.033427, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:54.033546, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:54.033670, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.033787, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.033905, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.034020, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.034156, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.034288, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:54.034406, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:54.034525, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.034658, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.034776, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.034891, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.035039, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.035171, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:54.035289, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:54.035409, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.035570, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.035699, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.035815, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.035975, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.036094, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:54.036214, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.036350, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.036475, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.036590, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.036727, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:54.036849, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:54.036969, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.037085, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.037203, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.037336, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.037470, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.037603, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:54.037724, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:54.037846, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.037962, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.038080, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.038198, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.038334, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.038468, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.038604, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:54.038723, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:54.038840, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:54.038958, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:54.039143, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:54.039262, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:54.039382, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.039662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.040181, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-3f50-babeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.041356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.041549, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.041667, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.041802, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.041922, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.042060, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:54.042198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:54.042319, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:54.042439, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:54.042558, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:54.042681, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:54.042801, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:54.042923, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:54.043037, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:54.043226, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:54.043347, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:54.043559, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:54.043693, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:54.043820, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:54.043958, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:54.044078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:54.044197, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:54.044316, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:54.044461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:54.045138, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-3f50-babeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.046391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.046586, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.046721, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.046841, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK 
[2012/08/30 15:27:54.064383, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.064818, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.065019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.065214, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.065350, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:54.065477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.065966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.066379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.066591, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.066793, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.066910, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.067044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.067562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:54.068019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.068216, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.068409, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.068546, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:54.068663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.069140, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:54.069552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.069772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.069964, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.070099, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:54.070216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.070762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:54.088631, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:54.088771, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4140 [2012/08/30 15:27:54.088923, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:54.089042, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2012/08/30 15:27:54.089167, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112
[2012/08/30 15:27:54.111044, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2012/08/30 15:27:54.111173, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:54.111310, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:54.111430, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:54.111601, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.111671, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8640 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:54.113178, 10] ../lib/util/util.c:415(dump_data)
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:54.116660, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:54.116888, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:54.117014, 3] smbd/process.c:1662(process_smb) Transaction 57 of length 63 (0 toread) [2012/08/30 15:27:54.117131, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.117192, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17759 (0x455F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3112 (0xC28) smb_vwv[ 6]= 3112 (0xC28) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3112 (0xC28) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:54.118661, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:54.118726, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.118861, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.118983, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3112 [2012/08/30 15:27:54.119103, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2012/08/30 15:27:54.119227, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:54.119355, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:54.119484, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. 
There is more data outstanding [2012/08/30 15:27:54.119620, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3112 max=3112 nread=3112 [2012/08/30 15:27:54.121750, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:54.121944, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:54.122063, 3] smbd/process.c:1662(process_smb) Transaction 58 of length 106 (0 toread) [2012/08/30 15:27:54.122181, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.122242, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8768 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:54.124640, 10] ../lib/util/util.c:415(dump_data) [0000] F4 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:54.124866, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.124988, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.125113, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:54.125252, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:54.125373, 5] smbd/files.c:140(file_new) allocated file structure 13664, fnum = 17760 (3 used) [2012/08/30 15:27:54.125496, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:54.125637, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:54.125763, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 3 for pipe \spoolss [2012/08/30 15:27:54.125890, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:54.126028, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:54.126967, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:54.127141, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:54.127260, 3] smbd/process.c:1662(process_smb) Transaction 59 of length 228 (0 toread) [2012/08/30 15:27:54.127377, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.127438, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8832 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) 
smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:54.129129, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:54.129983, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.130106, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.130242, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 4560 name: spoolss len: 160 [2012/08/30 15:27:54.130447, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:54.130574, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:54.130693, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:54.130811, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.130933, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.131049, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:54.131165, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:54.131284, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.131421, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:54.131593, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:54.131716, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:54.131842, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:54.134906, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:54.135026, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:54.135144, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:54.135263, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:54.135382, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:54.135636, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:54.137519, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:54.137652, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:54.138410, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:54.138571, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:54.138690, 3] smbd/process.c:1662(process_smb) Transaction 60 of length 63 (0 toread) [2012/08/30 15:27:54.138807, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.138880, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8896 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:54.140498, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:54.140563, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.140692, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.140848, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:54.140972, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:54.141094, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:54.141244, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:54.141363, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:54.141984, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:54.142158, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:54.142277, 3] smbd/process.c:1662(process_smb) Transaction 61 of length 296 (0 toread) [2012/08/30 15:27:54.142394, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.142472, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=225 [2012/08/30 15:27:54.144321, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 08 00 02 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:54.145422, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.145570, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.145698, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:54.145820, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:54.145954, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:54.146072, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:54.146189, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560) [2012/08/30 15:27:54.146310, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 [2012/08/30 15:27:54.146430, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:54.146549, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:54.146677, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:54.146814, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.146932, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.147048, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:54.147169, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:54.147423, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.147568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:54.147695, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:54.147814, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:54.147952, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 08 00 02 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:54.150195, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.150323, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:54.150447, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:54.150567, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:54.150685, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:54.150810, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00020008 (131080) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:54.152647, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:54.152773, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.152968, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:54.153158, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:54.153354, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:54 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:54.153616, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/08/30 15:27:54.153733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.153928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.154121, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:54.154261, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:54.157731, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:54.157896, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:54.158015, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:54.158160, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:54.158283, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:54.158409, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:54.158530, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:54.158646, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:54.158866, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:54.159986, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:54.160203, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:54.160325, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:54.160463, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:54.160581, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:54.160709, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:54.160835, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:54.161023, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:54.162537, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:54.162689, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:54.162817, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:54.162933, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:54.163059, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:54.163189, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:54.163314, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:54.163426, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:54.163631, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:54.163792, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:54.163919, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:54.164047, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:54.164174, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:54.164310, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.165077, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.165209, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:54.165329, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.165445, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.165565, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.165698, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.165842, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:54.165991, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.166113, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.166324, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.166827, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-3f50-babeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.168398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.168599, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:54.168717, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:54.168837, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:54.168955, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:54.169076, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.169191, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:54.169365, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:54.169499, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:54.169617, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.169794, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.169914, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.170033, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.170165, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.170300, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.170462, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:54.170584, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:54.170704, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.170821, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.170941, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.171056, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.171190, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.171323, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:54.171441, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:54.171619, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.171754, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.171875, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.171991, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.172137, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.172257, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:54.172379, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.172515, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.172628, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.172835, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.172980, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:54.173100, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:54.173223, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.173349, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.173469, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.173585, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.173724, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.173876, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:54.173995, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:54.174133, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.174251, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.174371, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.174490, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.174644, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.174845, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.174967, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:54.175086, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:54.175209, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:54.175357, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:54.175508, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:54.175654, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.175774, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 3F 50 BA BE ....B... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.175986, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.176486, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:54.176615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.177045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 3F 50 BA BE ....B... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.177248, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 3F 50 BA BE ....B... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.177441, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.177630, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:54.177749, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.178229, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.178660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.178857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.179050, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.179184, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:54.179310, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.179973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.180453, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:54.180577, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:54.180726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:54.180846, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:54.180975, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:54.182413, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:54.182537, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:54.182685, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:54.182808, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:54.182958, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.183029, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=8960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:54.184943, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 40 00 00 ........ .....@.. [0020] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:54.197844, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 144 [2012/08/30 15:27:54.198132, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/08/30 15:27:54.198274, 3] smbd/process.c:1662(process_smb) Transaction 62 of length 148 (0 toread) [2012/08/30 15:27:54.198393, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.198454, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=77 [2012/08/30 15:27:54.200299, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 22 00 00 00 00 00 40 00 00 .$....." .....@.. [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 02 00 00 .....?P. ........ [0040] 00 00 00 02 00 00 00 00 00 00 00 00 00 ........ ..... 
[2012/08/30 15:27:54.200708, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.200847, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.200973, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2012/08/30 15:27:54.201103, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:54.201222, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:54.201339, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:54.201456, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560) [2012/08/30 15:27:54.201574, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 [2012/08/30 15:27:54.201697, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2012/08/30 15:27:54.201816, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2012/08/30 15:27:54.201932, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 [2012/08/30 15:27:54.202066, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.202184, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.202300, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:54.202427, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:54.202551, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.202668, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 
15:27:54.202794, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 [2012/08/30 15:27:54.202918, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:54.203041, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=36 [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 .... [2012/08/30 15:27:54.204678, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.204798, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:54.204918, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:54.205039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS [2012/08/30 15:27:54.205160, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0x7fd50aecf370 [2012/08/30 15:27:54.205354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumForms: struct spoolss_EnumForms in: struct spoolss_EnumForms handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=0 offered : 0x00000000 (0) [2012/08/30 15:27:54.206067, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) _spoolss_EnumForms Offered buffer size [0] Info level [2] [2012/08/30 15:27:54.206322, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumForms: struct spoolss_EnumForms out: struct spoolss_EnumForms count : * count : 0x00000000 (0) info : * info : NULL needed : * needed : 0x00000000 (0) result : WERR_UNKNOWN_LEVEL [2012/08/30 15:27:54.206917, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:54.207037, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 44 [2012/08/30 15:27:54.207167, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:54.207286, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. 
[2012/08/30 15:27:54.207409, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 04 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 7C 00 00 00 |... [2012/08/30 15:27:54.209188, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:54.209344, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2012/08/30 15:27:54.209465, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..44] (align 0) [2012/08/30 15:27:54.209583, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.209647, 5] lib/util.c:342(show_msg) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:54.211027, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [0010] 00 14 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 7C 00 00 00 ........ .|... 
[2012/08/30 15:27:54.212133, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 144 [2012/08/30 15:27:54.212303, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/08/30 15:27:54.212428, 3] smbd/process.c:1662(process_smb) Transaction 63 of length 148 (0 toread) [2012/08/30 15:27:54.212547, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.212609, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=77 [2012/08/30 15:27:54.214471, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 04 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 22 00 00 00 00 00 40 00 00 .$....." .....@.. [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 01 00 00 .....?P. ........ [0040] 00 00 00 02 00 00 00 00 00 00 00 00 00 ........ ..... 
[2012/08/30 15:27:54.214888, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.215007, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.215150, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2012/08/30 15:27:54.215272, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:54.215389, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:54.215568, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:54.215715, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560) [2012/08/30 15:27:54.215841, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 [2012/08/30 15:27:54.215963, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2012/08/30 15:27:54.216081, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2012/08/30 15:27:54.216196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 [2012/08/30 15:27:54.216316, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.216434, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.216551, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:54.216667, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:54.216788, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.216904, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 
15:27:54.217020, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 [2012/08/30 15:27:54.217140, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:54.217262, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=36 [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 01 00 00 00 00 00 02 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 .... [2012/08/30 15:27:54.218944, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.219066, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:54.219183, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:54.219303, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS [2012/08/30 15:27:54.219425, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0x7fd50aecf370 [2012/08/30 15:27:54.219696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumForms: struct spoolss_EnumForms in: struct spoolss_EnumForms handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 level : 0x00000001 (1) buffer : * buffer : DATA_BLOB length=0 offered : 0x00000000 (0) [2012/08/30 15:27:54.220378, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) _spoolss_EnumForms Offered buffer size [0] Info level [1] [2012/08/30 15:27:54.220634, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:54.220774, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:54.220891, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:54.221015, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:54.221167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.221934, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.222052, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) 
[2012/08/30 15:27:54.222178, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.222297, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.222415, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.222530, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.222674, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:54.222806, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.222927, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.223124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.223682, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-3f50-babeee0b0000 name: struct winreg_String name_len : 0x005a (90) name_size : 0x005a (90) name : * name : 'SYSTEM\CurrentControlSet\Control\Print\Forms' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: 
KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/30 15:27:54.225746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.225953, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Control\Print\Forms' [2012/08/30 15:27:54.226085, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.226207, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/30 15:27:54.226328, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:54.226461, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/30 15:27:54.226585, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/30 15:27:54.226705, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.226820, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] [2012/08/30 15:27:54.226957, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2012/08/30 15:27:54.227087, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.227206, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/30 15:27:54.227327, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.227447, 10] registry/reg_cachehook.c:122(reghook_cache_find) 
reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.227641, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.227764, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.227881, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.228041, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.228195, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.228317, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.228436, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/08/30 15:27:54.228575, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.228697, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.228815, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.228967, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.229085, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.229223, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.229357, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.229478, 5] 
../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.229597, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.229720, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.229842, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.229960, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.230097, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.230213, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.230362, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.230513, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.230633, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Forms] [2012/08/30 15:27:54.230751, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.230889, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.231005, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.231124, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.231251, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key 
[\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.231385, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.231651, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.231780, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.231900, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.232099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-3f50-babeee0b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/30 15:27:54.232714, 8] rpc_client/cli_winreg_spoolss.c:287(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms [2012/08/30 15:27:54.232850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-3f50-babeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:54.233571, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.233784, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.233903, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.234040, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.234183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:54.235766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.236181, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.236387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.236586, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.236704, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:54.236840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.237321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.237733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.237927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.238137, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.238254, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:54.238381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.239028, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumForms: struct spoolss_EnumForms out: struct spoolss_EnumForms count : * count : 0x00000000 (0) info : * info : NULL needed : * needed : 0x00001de0 (7648) result : WERR_INSUFFICIENT_BUFFER [2012/08/30 15:27:54.239753, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:54.239880, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 44 [2012/08/30 15:27:54.240008, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:54.240128, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2012/08/30 15:27:54.240252, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 04 00 02 00 00 00 00 00 E0 1D 00 00 00 00 00 00 ........ ........ [0010] 7A 00 00 00 z... 
[2012/08/30 15:27:54.241657, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 31828 [2012/08/30 15:27:54.241796, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:54.241945, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2012/08/30 15:27:54.242065, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..44] (align 0) [2012/08/30 15:27:54.242184, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.242248, 5] lib/util.c:342(show_msg) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:54.243837, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0010] 00 14 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ [0020] 00 E0 1D 00 00 00 00 00 00 7A 00 00 00 ........ .z... 
[2012/08/30 15:27:54.245050, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4344 [2012/08/30 15:27:54.245208, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/08/30 15:27:54.245328, 3] smbd/process.c:1662(process_smb) Transaction 64 of length 4348 (0 toread) [2012/08/30 15:27:54.245445, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.245510, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9152 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/08/30 15:27:54.247094, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:54.249443, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.249565, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.249686, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 4560 name: spoolss len: 4280 [2012/08/30 15:27:54.249807, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/08/30 15:27:54.249934, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4280 [2012/08/30 15:27:54.250051, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4280 [2012/08/30 15:27:54.250188, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4280, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.250306, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.250422, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4264 [2012/08/30 15:27:54.250539, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4264 [2012/08/30 15:27:54.250675, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.250792, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4264 [2012/08/30 15:27:54.250908, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4264, incoming data = 4264 [2012/08/30 15:27:54.251045, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:54.251182, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x01 (1) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x10b8 (4280) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000257c (9596) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4256
[2012/08/30 15:27:54.274445, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.274577, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:54.274702, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4264 [2012/08/30 15:27:54.274815, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/08/30 15:27:54.275953, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4344 [2012/08/30 15:27:54.276114, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/08/30 15:27:54.276240, 3] smbd/process.c:1662(process_smb) Transaction 65 of length 4348 (0 toread) [2012/08/30 15:27:54.276358, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.276419, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9216 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/08/30 15:27:54.278031, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 00 10 00 00 00 B8 10 00 00 05 00 00 ........ ........ [0010] 00 DC 14 00 00 00 00 22 00 00 00 00 00 00 00 00 ......." ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:54.280420, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.280542, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.280662, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 4560 name: spoolss len: 4280 [2012/08/30 15:27:54.280781, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/08/30 15:27:54.280902, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4280 [2012/08/30 15:27:54.281018, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4280 [2012/08/30 15:27:54.281135, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 4280, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.281255, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.281378, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4264 [2012/08/30 15:27:54.281495, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4264 [2012/08/30 15:27:54.281615, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.281750, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 4264 [2012/08/30 15:27:54.281867, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4264, incoming data = 4264 [2012/08/30 15:27:54.281989, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:54.282119, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x00 (0) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x10b8 (4280) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000014dc (5340) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4256
[2012/08/30 15:27:54.305095, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0
[2012/08/30 15:27:54.305244, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth.
[2012/08/30 15:27:54.305371, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 4264
[2012/08/30 15:27:54.305502, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280
[2012/08/30 15:27:54.307119, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1192
[2012/08/30 15:27:54.309327, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4a8
[2012/08/30 15:27:54.309455, 3] smbd/process.c:1662(process_smb) Transaction 66 of length 1196 (0 toread)
[2012/08/30 15:27:54.309573, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:54.309638, 5] lib/util.c:342(show_msg) size=1192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9280 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1108 (0x454) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1108 (0x454) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=1125
[2012/08/30 15:27:54.312987, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:54.315909, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20
[2012/08/30 15:27:54.316065, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user
[2012/08/30 15:27:54.316199, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1108 params=0 setup=2
[2012/08/30 15:27:54.316320, 5] smbd/ipc.c:593(handle_trans) calling named_pipe
[2012/08/30 15:27:54.316469, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name
[2012/08/30 15:27:54.316586, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply
[2012/08/30 15:27:54.316703, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560)
[2012/08/30 15:27:54.316860, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024
[2012/08/30 15:27:54.316980, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1108
[2012/08/30 15:27:54.317099, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1108
[2012/08/30 15:27:54.317215, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1108
[2012/08/30 15:27:54.317332, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 1108, len_needed_to_complete_hdr = 16, receive_len = 0
[2012/08/30 15:27:54.317449, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16
[2012/08/30 15:27:54.317565, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1092
[2012/08/30 15:27:54.317723, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1092
[2012/08/30 15:27:54.317958, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe)
write_to_pipe: data_used = 0 [2012/08/30 15:27:54.318076, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1092 [2012/08/30 15:27:54.318196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1092, incoming data = 1092 [2012/08/30 15:27:54.318314, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:54.318438, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x02 (2) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0454 (1108) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000043c (1084) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1084
[2012/08/30 15:27:54.325033, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.325160, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:54.325279, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:54.325400, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS [2012/08/30 15:27:54.325520, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0x7fd50aecf370 [2012/08/30 15:27:54.325645, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_EnumForms: struct spoolss_EnumForms in: struct spoolss_EnumForms handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 level : 0x00000001 (1) buffer : * buffer : DATA_BLOB length=9560
[1A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[20F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [21A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [21B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [21C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [21D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [21E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [21F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[22A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [22B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [22C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [22D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [22E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [22F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [23A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [23B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [23C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [23D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [23E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [23F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [24A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [24B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [24C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [24D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [24E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [24F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2550] 00 00 00 00 00 00 00 00 ........ 
offered : 0x00002558 (9560) [2012/08/30 15:27:54.375107, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) _spoolss_EnumForms Offered buffer size [9560] Info level [1] [2012/08/30 15:27:54.375554, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:54.375709, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:54.375955, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:54.376100, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:54.376237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.377003, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.377127, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:54.377259, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.377377, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.377495, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.377611, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.377760, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:54.377961, 10] ../libcli/security/access_check.c:178(se_access_check) 
se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.378087, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.378286, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.378821, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-3f50-babeee0b0000 name: struct winreg_String name_len : 0x005a (90) name_size : 0x005a (90) name : * name : 'SYSTEM\CurrentControlSet\Control\Print\Forms' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/30 15:27:54.381709, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.381907, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Control\Print\Forms' [2012/08/30 15:27:54.382041, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.382178, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/30 15:27:54.382306, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:54.382428, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/30 15:27:54.382545, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/30 15:27:54.382663, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.382778, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] [2012/08/30 15:27:54.382912, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2012/08/30 15:27:54.383046, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.383165, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/30 15:27:54.383283, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.383403, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.383558, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.383685, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.383826, 10] 
registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.383960, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.384088, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.384208, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.384325, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/08/30 15:27:54.384442, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.384561, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.384677, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.384798, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.384913, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.385044, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.385172, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.385291, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/30 15:27:54.385408, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.385525, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) 
[2012/08/30 15:27:54.385644, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.385764, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.385881, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.385997, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.386135, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.386266, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.386385, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Forms] [2012/08/30 15:27:54.386502, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.386645, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.386762, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.386880, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.386995, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.387121, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.387249, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, 
granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.387374, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.387530, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.387899, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-3f50-babeee0b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/30 15:27:54.388520, 8] rpc_client/cli_winreg_spoolss.c:287(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms [2012/08/30 15:27:54.388667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-3f50-babeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:54.389387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.389585, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.389704, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.389836, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] [2012/08/30 15:27:54.389978, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:54.391811, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.392258, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.392504, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.392716, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.392834, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:54.393378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.393887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.397534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.397848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.398108, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2012/08/30 15:27:54.398262, 10] registry/reg_backend_db.c:619(regdb_close)
  regdb_close: decrementing refcount (3->2)
[2012/08/30 15:27:54.398423, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
  winreg_CloseKey: struct winreg_CloseKey
    out: struct winreg_CloseKey
      handle : *
        handle: struct policy_handle
          handle_type : 0x00000000 (0)
          uuid : 00000000-0000-0000-0000-000000000000
      result : WERR_OK
[2012/08/30 15:27:54.399243, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
  spoolss_EnumForms: struct spoolss_EnumForms
    out: struct spoolss_EnumForms
      count : *
        count : 0x00000078 (120)
      info : *
        info : *
          info: ARRAY(120)
area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0001adb0 (110000) bottom : 0x00035b60 (220000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #6 Rotated' size: struct spoolss_FormSize width : 0x00038270 (230000) height : 0x0001d4c0 (120000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00038270 (230000) bottom : 0x0001d4c0 (120000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #6' size: struct spoolss_FormSize width : 0x0001d4c0 (120000) height : 0x00038270 (230000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0001d4c0 (120000) bottom : 0x00038270 (230000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #7 Rotated' size: struct spoolss_FormSize width : 0x00038270 (230000) height : 0x00027100 (160000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00038270 (230000) bottom : 0x00027100 (160000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #7' size: struct spoolss_FormSize width : 0x00027100 (160000) height : 0x00038270 (230000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00027100 (160000) bottom : 0x00038270 (230000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #8 Rotated' size: struct spoolss_FormSize width : 0x0004b708 (309000) height : 0x0001d4c0 (120000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0004b708 (309000) bottom : 0x0001d4c0 (120000) info : union 
spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #8' size: struct spoolss_FormSize width : 0x0001d4c0 (120000) height : 0x0004b708 (309000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0001d4c0 (120000) bottom : 0x0004b708 (309000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #9 Rotated' size: struct spoolss_FormSize width : 0x0004f1a0 (324000) height : 0x00037e88 (229000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0004f1a0 (324000) bottom : 0x00037e88 (229000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'PRC Envelope #9' size: struct spoolss_FormSize width : 0x00037e88 (229000) height : 0x0004f1a0 (324000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00037e88 (229000) bottom : 0x0004f1a0 (324000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Quarto' size: struct spoolss_FormSize width : 0x000347d8 (215000) height : 0x00043238 (275000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x000347d8 (215000) bottom : 0x00043238 (275000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Reserved48' size: struct spoolss_FormSize width : 0x00000001 (1) height : 0x00000001 (1) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00000001 (1) bottom : 0x00000001 (1) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Reserved49' size: struct spoolss_FormSize width : 0x00000001 (1) height : 0x00000001 (1) 
area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00000001 (1) bottom : 0x00000001 (1) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Statement' size: struct spoolss_FormSize width : 0x000221b4 (139700) height : 0x00034b5c (215900) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x000221b4 (139700) bottom : 0x00034b5c (215900) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Super A' size: struct spoolss_FormSize width : 0x000376b8 (227000) height : 0x00056ea0 (356000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x000376b8 (227000) bottom : 0x00056ea0 (356000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Super B' size: struct spoolss_FormSize width : 0x0004a768 (305000) height : 0x00076e58 (487000) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0004a768 (305000) bottom : 0x00076e58 (487000) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Tabloid Extra' size: struct spoolss_FormSize width : 0x0004a6a0 (304800) height : 0x0006f9f0 (457200) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0004a6a0 (304800) bottom : 0x0006f9f0 (457200) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'Tabloid' size: struct spoolss_FormSize width : 0x00044368 (279400) height : 0x000696b8 (431800) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x00044368 (279400) bottom : 0x000696b8 (431800) info : union spoolss_FormInfo(case 1) info1: struct spoolss_FormInfo1 flags : 
SPOOLSS_FORM_BUILTIN (1) form_name : * form_name : 'US Std Fanfold' size: struct spoolss_FormSize width : 0x0005c3e1 (377825) height : 0x00044368 (279400) area: struct spoolss_FormArea left : 0x00000000 (0) top : 0x00000000 (0) right : 0x0005c3e1 (377825) bottom : 0x00044368 (279400) needed : * needed : 0x00001de0 (7648) result : WERR_OK [2012/08/30 15:27:54.499533, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:54.499618, 10] rpc_server/srv_pipe.c:1684(api_rpcTNP) api_rpcTNP: rpc input buffer underflow (parse error?) [2012/08/30 15:27:54.499774, 10] ../lib/util/util.c:415(dump_data)
[18C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [18D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [18E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [18F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [19A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [19B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [19C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [19D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [19E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [19F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[1F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [20F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2120] 00 00 00 00 58 25 00 00 ....X%.. 
[2012/08/30 15:27:54.539184, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe)
  write_to_pipe: data_used = 1092
[2012/08/30 15:27:54.539341, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe)
  name: \spoolss len: 1024
[2012/08/30 15:27:54.539466, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe)
  read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 9580.
[2012/08/30 15:27:54.539620, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
  &r: struct ncacn_packet
    rpc_vers : 0x05 (5)
    rpc_vers_minor : 0x00 (0)
    ptype : DCERPC_PKT_RESPONSE (2)
    pfc_flags : 0x01 (1)
    drep: ARRAY(4)
      [0] : 0x10 (16)
      [1] : 0x00 (0)
      [2] : 0x00 (0)
      [3] : 0x00 (0)
    frag_length : 0x10b8 (4280)
    auth_length : 0x0000 (0)
    call_id : 0x00000005 (5)
    u : union dcerpc_payload(case 2)
    response: struct dcerpc_response
      alloc_hint : 0x0000256c (9580)
      context_id : 0x0000 (0)
      cancel_count : 0x00 (0)
      _pad : DATA_BLOB length=0
      stub_and_verifier : DATA_BLOB length=4256
[2012/08/30 15:27:54.562108, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv)
  Received 1024 bytes. There is more data outstanding
[2012/08/30 15:27:54.562246, 5] smbd/ipc.c:103(send_trans_reply)
  send_trans_reply: buffer 1024 too large
[2012/08/30 15:27:54.562366, 5] smbd/ipc.c:62(copy_trans_params_and_data)
  copy_trans_params_and_data: params[0..0] data[0..1024] (align 0)
[2012/08/30 15:27:54.562485, 3] smbd/error.c:81(error_packet_set)
  error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW
[2012/08/30 15:27:54.562621, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:54.562683, 5] lib/util.c:342(show_msg)
  size=1080
  smb_com=0x25
  smb_rcls=5
  smb_reh=0
  smb_err=32768
  smb_flg=136
  smb_flg2=51203
  smb_tid=1
  smb_pid=1080
  smb_uid=100
  smb_mid=9280
  smt_wct=10
  smb_vwv[ 0]= 0 (0x0)
  smb_vwv[ 1]= 1024 (0x400)
  smb_vwv[ 2]= 0 (0x0)
  smb_vwv[ 3]= 0 (0x0)
  smb_vwv[ 4]= 56 (0x38)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 1024 (0x400)
  smb_vwv[ 7]= 56 (0x38)
  smb_vwv[ 8]= 0 (0x0)
  smb_vwv[ 9]= 0 (0x0)
  smb_bcc=1025
[2012/08/30 15:27:54.564103, 10] ../lib/util/util.c:415(dump_data)
[01E0] 00 01 00 00 00 B0 22 00 00 28 88 04 00 A0 68 06 ......". .(....h. [01F0] 00 00 00 00 00 00 00 00 00 28 88 04 00 A0 68 06 ........ .(....h. [2012/08/30 15:27:54.568025, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:54.568192, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:54.568310, 3] smbd/process.c:1662(process_smb) Transaction 67 of length 63 (0 toread) [2012/08/30 15:27:54.568427, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.568488, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3256 (0xCB8) smb_vwv[ 6]= 3256 (0xCB8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3256 (0xCB8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:54.570529, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:54.570597, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.570716, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.570842, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3256 [2012/08/30 15:27:54.570963, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4280, current_pdu_sent = 1024 returning 3256 bytes. [2012/08/30 15:27:54.571122, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3256 bytes. 
There is more data outstanding [2012/08/30 15:27:54.571247, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3256 max=3256 nread=3256 [2012/08/30 15:27:54.572300, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:54.572446, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:54.572565, 3] smbd/process.c:1662(process_smb) Transaction 68 of length 63 (0 toread) [2012/08/30 15:27:54.572696, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.572780, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9408 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:54.574273, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:54.574352, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.574478, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.574601, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/08/30 15:27:54.574739, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 4256, p->out_data.rdata.length = 9580. 
[2012/08/30 15:27:54.574871, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x00 (0) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x10b8 (4280) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000014cc (5324) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4256
[2012/08/30 15:27:54.598400, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4280 bytes. There is no more data outstanding [2012/08/30 15:27:54.598552, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/08/30 15:27:54.600976, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:54.601147, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:54.601266, 3] smbd/process.c:1662(process_smb) Transaction 69 of length 63 (0 toread) [2012/08/30 15:27:54.601383, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.601444, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9472 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17760 (0x4560) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:54.608652, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:54.608818, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.609008, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.609200, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/08/30 15:27:54.609491, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 8512, p->out_data.rdata.length = 9580. 
[2012/08/30 15:27:54.609692, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x02 (2) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0444 (1092) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000042c (1068) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1068
[2012/08/30 15:27:54.616474, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 31828 [2012/08/30 15:27:54.616647, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:54.616784, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1092 bytes. 
There is no more data outstanding [2012/08/30 15:27:54.616903, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=1092 [2012/08/30 15:27:54.624605, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 172 [2012/08/30 15:27:54.624790, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xac [2012/08/30 15:27:54.624911, 3] smbd/process.c:1662(process_smb) Transaction 70 of length 176 (0 toread) [2012/08/30 15:27:54.625029, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:54.625091, 5] lib/util.c:342(show_msg) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9536 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=105 [2012/08/30 15:27:54.626757, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 06 00 00 ........ .X...... [0020] 00 40 00 00 00 00 00 1A 00 00 00 00 00 40 00 00 .@...... .....@.. [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 0D 00 00 .....?P. ........ [0040] 00 00 00 00 00 0D 00 00 00 44 00 72 00 69 00 76 ........ .D.r.i.v [0050] 00 65 00 72 00 50 00 6F 00 6C 00 69 00 63 00 79 .e.r.P.o .l.i.c.y [0060] 00 00 00 00 00 00 04 00 00 ........ . 
[2012/08/30 15:27:54.627298, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:54.627585, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:54.627716, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=88 params=0 setup=2 [2012/08/30 15:27:54.627837, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:54.627972, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:54.628091, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:54.628209, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560) [2012/08/30 15:27:54.628328, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 4280 [2012/08/30 15:27:54.628448, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 88 [2012/08/30 15:27:54.628568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 88 [2012/08/30 15:27:54.628685, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 [2012/08/30 15:27:54.628857, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:54.628986, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:54.629104, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2012/08/30 15:27:54.629225, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 [2012/08/30 15:27:54.629349, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:54.629467, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2012/08/30 
15:27:54.630729, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 [2012/08/30 15:27:54.630936, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:54.631063, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0058 (88) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000040 (64) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=64 [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 0D 00 00 00 00 00 00 00 0D 00 00 00 ........ ........ [0020] 44 00 72 00 69 00 76 00 65 00 72 00 50 00 6F 00 D.r.i.v. e.r.P.o. [0030] 6C 00 69 00 63 00 79 00 00 00 00 00 00 04 00 00 l.i.c.y. ........ [2012/08/30 15:27:54.636413, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.636552, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:54.636673, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:54.636797, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2012/08/30 15:27:54.638146, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7fd50aed07e0 [2012/08/30 15:27:54.638288, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterData: struct spoolss_GetPrinterData in: struct spoolss_GetPrinterData handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 value_name : 'DriverPolicy' offered : 0x00000400 (1024) [2012/08/30 15:27:54.638821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.639019, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx [2012/08/30 15:27:54.639149, 10] rpc_server/spoolss/srv_spoolss_nt.c:9194(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx: key => [PrinterDriverData], value => [DriverPolicy] [2012/08/30 15:27:54.639421, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.640785, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:54.640943, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:54.641068, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:54.641188, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:54.641315, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:54.641448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.644148, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.644276, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:54.644399, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.644518, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.644637, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.644754, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.644924, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:54.645061, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:54.645184, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.645382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.645885, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-3f50-babeee0b0000 keyname: struct winreg_String name_len : 0x00ac (172) name_size : 0x00ac (172) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.647592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.647802, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:54.647923, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:54.648045, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:54.648163, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:54.648282, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.648403, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:54.648554, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:54.648690, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:54.648810, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.648933, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.649050, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.649260, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.649414, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.649556, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.649693, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:54.649814, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:54.649936, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.650057, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.650177, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.650322, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.653098, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.653257, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:54.653380, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:54.653513, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.653631, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.653752, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.653869, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.654015, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.654136, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:54.654278, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.654398, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.654518, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.654635, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.654778, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:54.654898, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:54.655020, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.655138, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.655262, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.655378, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.655523, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.655667, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:54.655828, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:54.655954, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.656072, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.656194, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.656310, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.656449, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.656585, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/08/30 15:27:54.656720, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:54.656843, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 15:27:54.656968, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 15:27:54.657089, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.657205, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 15:27:54.657338, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 15:27:54.657470, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 
15:27:54.657611, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.657735, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:54.657873, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:54.657992, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:54.658111, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:54.658229, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:54.658348, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:54.658483, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.658604, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.658801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000048-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.659321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000048-0000-0000-3f50-babeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'DriverPolicy' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.660584, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.660790, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 15:27:54.660935, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.661074, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.661202, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] [2012/08/30 15:27:54.661381, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[TrayFormSize] len[4] [2012/08/30 15:27:54.661507, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[TrayFormTable] len[432] [2012/08/30 15:27:54.661628, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[TrayFormMapSize] len[4] [2012/08/30 15:27:54.661749, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[TrayFormKeywordSize] len[4] [2012/08/30 15:27:54.661870, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[TrayFormKeyword] len[87] [2012/08/30 15:27:54.661992, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[TrayFormMap] len[118] [2012/08/30 15:27:54.662113, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[FreeMem] len[4] [2012/08/30 15:27:54.662235, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[JobTimeOut] len[4] [2012/08/30 15:27:54.662394, 10] 
registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Protocol] len[4] [2012/08/30 15:27:54.662517, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[PrinterDataSize] len[4] [2012/08/30 15:27:54.662638, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[PrinterData] len[560] [2012/08/30 15:27:54.662758, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[FeatureKeywordSize] len[4] [2012/08/30 15:27:54.662883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[FeatureKeyword] len[2] [2012/08/30 15:27:54.663005, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:54.663123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:54.664035, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000048-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.664477, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.664685, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.664878, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.664998, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:54.665116, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.665594, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.666036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.666234, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.666426, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.666543, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:54.666661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.667137, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterData: struct spoolss_GetPrinterData out: struct spoolss_GetPrinterData type : * type : REG_NONE (0) data : * data: ARRAY(1024)
[552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 
0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) 
[787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 
0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x00 (0) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x00 (0) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x00 (0) [949] : 0x00 (0) [950] : 0x00 (0) [951] : 0x00 (0) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x00 (0) [957] : 0x00 (0) [958] : 0x00 (0) [959] : 0x00 (0) [960] : 0x00 (0) [961] : 0x00 (0) [962] : 0x00 (0) [963] : 0x00 (0) [964] : 0x00 (0) [965] : 0x00 (0) [966] : 0x00 (0) [967] : 0x00 (0) [968] : 0x00 (0) [969] : 0x00 (0) [970] : 0x00 (0) [971] : 0x00 (0) [972] : 0x00 (0) [973] : 0x00 (0) [974] : 0x00 (0) [975] : 0x00 (0) [976] : 0x00 (0) [977] : 0x00 (0) [978] : 0x00 (0) [979] : 0x00 (0) [980] : 0x00 (0) [981] : 0x00 (0) [982] : 0x00 (0) [983] : 0x00 (0) [984] : 0x00 (0) [985] : 0x00 (0) [986] : 0x00 (0) [987] : 0x00 (0) [988] : 0x00 (0) [989] : 0x00 (0) [990] : 0x00 (0) [991] : 0x00 (0) [992] : 0x00 (0) [993] : 0x00 (0) [994] : 0x00 (0) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x00 (0) [999] : 0x00 (0) [1000] : 0x00 (0) [1001] : 0x00 (0) [1002] : 0x00 (0) [1003] : 0x00 (0) [1004] : 0x00 (0) [1005] : 0x00 (0) [1006] : 0x00 (0) [1007] : 0x00 (0) [1008] : 0x00 (0) [1009] : 0x00 (0) [1010] : 0x00 (0) [1011] : 0x00 (0) [1012] : 0x00 (0) [1013] : 0x00 (0) [1014] : 0x00 (0) [1015] : 0x00 (0) [1016] : 0x00 (0) [1017] : 0x00 (0) [1018] : 0x00 (0) [1019] : 0x00 (0) [1020] : 0x00 
(0) [1021] : 0x00 (0) [1022] : 0x00 (0) [1023] : 0x00 (0) needed : * needed : 0x00000000 (0) result : WERR_BADFILE
[2012/08/30 15:27:54.745667, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully
[2012/08/30 15:27:54.745812, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 72
[2012/08/30 15:27:54.745947, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280
[2012/08/30 15:27:54.746067, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1040.
[2012/08/30 15:27:54.746194, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0428 (1064) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000410 (1040) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1040
[2012/08/30 15:27:54.752886, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460
[2012/08/30 15:27:54.753015, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg
[2012/08/30 15:27:54.753147, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1064 bytes. There is no more data outstanding
[2012/08/30 15:27:54.753278, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1064] (align 0)
[2012/08/30 15:27:54.753398, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:54.753460, 5] lib/util.c:342(show_msg) size=1120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9536 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1064 (0x428) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1064 (0x428) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1065
[2012/08/30 15:27:54.754801, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:54.758077, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 2240
[2012/08/30 15:27:54.758238, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c0
[2012/08/30 15:27:54.758358, 3] smbd/process.c:1662(process_smb) Transaction 71 of length 2244 (0 toread)
[2012/08/30 15:27:54.758497, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:54.758559, 5] lib/util.c:342(show_msg) size=2240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9600 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2156 (0x86C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2156 (0x86C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=2173
[2012/08/30 15:27:54.760444, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:54.762697, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20
[2012/08/30 15:27:54.762822, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user
[2012/08/30 15:27:54.762949, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2156 params=0 setup=2
[2012/08/30 15:27:54.763071, 5] smbd/ipc.c:593(handle_trans) calling named_pipe
[2012/08/30 15:27:54.763226, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name
[2012/08/30 15:27:54.763344, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply
[2012/08/30 15:27:54.763462, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560)
[2012/08/30 15:27:54.763613, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 4280
[2012/08/30 15:27:54.763734, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2156
[2012/08/30 15:27:54.763855, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 2156
[2012/08/30 15:27:54.763972, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 2156
[2012/08/30 15:27:54.764090, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 2156, len_needed_to_complete_hdr = 16, receive_len = 0
[2012/08/30 15:27:54.764214, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16
[2012/08/30 15:27:54.764331, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 2140
[2012/08/30 15:27:54.764448, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 2140
[2012/08/30 15:27:54.764567, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0
[2012/08/30 15:27:54.764684, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 2140
[2012/08/30 15:27:54.764800, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 2140, incoming data = 2140
[2012/08/30 15:27:54.764924, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format!
[2012/08/30 15:27:54.765049, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x086c (2156) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000854 (2132) context_id : 0x0000 (0) opnum : 0x0035 (53) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=2132
[07B0] 80 AF 02 00 48 E8 01 00 00 00 00 00 00 00 00 00 ....H... ........ [07C0] 80 AF 02 00 48 E8 01 00 01 00 00 00 40 1B 00 00 ....H... ....@... [07D0] B0 80 29 00 00 00 00 00 A0 F1 04 00 10 FD 06 00 ..)..... ........ [07E0] 00 00 00 00 00 00 00 00 A0 F1 04 00 10 FD 06 00 ........ ........ [07F0] 01 00 00 00 08 1B 00 00 98 80 29 00 00 00 00 00 ........ ..)..... [0800] 88 7E 03 00 A0 F1 04 00 00 00 00 00 00 00 00 00 .~...... ........ [0810] 88 7E 03 00 A0 F1 04 00 01 00 00 00 D0 1A 00 00 .~...... ........ [0820] 80 80 29 00 00 00 00 00 D0 78 02 00 88 7E 03 00 ..)..... .x...~.. [0830] 00 00 00 00 00 00 00 00 D0 78 02 00 88 7E 03 00 ........ .x...~.. [0840] 01 00 00 00 98 1A 00 00 00 08 00 00 03 00 00 00 ........ ........ [0850] 00 00 00 00 .... [2012/08/30 15:27:54.777604, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:54.777735, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:54.777859, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:54.778005, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 [2012/08/30 15:27:54.778128, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[53].fn == 0x7fd50aecc260 [2012/08/30 15:27:54.778332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 in: struct spoolss_GetPrinterDriver2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 architecture : * architecture : 'Windows x64' level : 0x00000006 (6) buffer : * buffer : DATA_BLOB length=2048 [0000] 58 01 3B 00 00 00 00 00 D0 64 3B 00 00 00 00 00 X.;..... .d;..... [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 C5 26 00 E3 01 F5 04 00 ........ .&...... [0410] 58 01 3B 00 00 00 00 00 D0 64 3B 00 00 00 00 00 X.;..... .d;..... [0420] 28 9A 01 00 20 42 02 00 00 00 00 00 00 00 00 00 (... B.. ........ [0430] 28 9A 01 00 20 42 02 00 01 00 00 00 2C 20 00 00 (... B.. ...., .. [0440] FC 82 29 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ..)..... .....b.. [0450] 00 00 00 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ........ .....b.. [0460] 01 00 00 00 EA 1F 00 00 DA 82 29 00 00 00 00 00 ........ ..)..... [0470] E0 8D 05 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ [0480] E0 8D 05 00 E8 EB 03 00 01 00 00 00 B8 1F 00 00 ........ ........ [0490] C8 82 29 00 00 00 00 00 E8 EB 03 00 E0 8D 05 00 ..)..... ........ [04A0] 00 00 00 00 00 00 00 00 E8 EB 03 00 E0 8D 05 00 ........ ........ [04B0] 01 00 00 00 7A 1F 00 00 AA 82 29 00 00 00 00 00 ....z... ..)..... [04C0] 28 11 03 00 20 36 04 00 00 00 00 00 00 00 00 00 (... 6.. ........ [04D0] 28 11 03 00 20 36 04 00 01 00 00 00 38 1F 00 00 (... 6.. ....8... [04E0] 88 82 29 00 00 00 00 00 E8 EB 03 00 F0 C6 02 00 ..)..... ........ [04F0] 00 00 00 00 00 00 00 00 E8 EB 03 00 F0 C6 02 00 ........ ........ [0500] 01 00 00 00 F0 1E 00 00 60 82 29 00 00 00 00 00 ........ `.)..... [0510] F0 C6 02 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ [0520] F0 C6 02 00 E8 EB 03 00 01 00 00 00 BE 1E 00 00 ........ ........ [0530] 4E 82 29 00 00 00 00 00 F0 C6 02 00 E8 EB 03 00 N.)..... ........ 
[0540] 00 00 00 00 00 00 00 00 F0 C6 02 00 E8 EB 03 00 ........ ........ [0550] 01 00 00 00 7C 1E 00 00 2C 82 29 00 00 00 00 00 ....|... ,.)..... [0560] F0 C6 02 00 00 F4 01 00 00 00 00 00 00 00 00 00 ........ ........ [0570] F0 C6 02 00 00 F4 01 00 01 00 00 00 4A 1E 00 00 ........ ....J... [0580] 1A 82 29 00 00 00 00 00 00 F4 01 00 F0 C6 02 00 ..)..... ........ [0590] 00 00 00 00 00 00 00 00 00 F4 01 00 F0 C6 02 00 ........ ........ [05A0] 01 00 00 00 10 1E 00 00 00 82 29 00 00 00 00 00 ........ ..)..... [05B0] B8 96 06 00 D0 86 08 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] B8 96 06 00 D0 86 08 00 01 00 00 00 D6 1D 00 00 ........ ........ [05D0] E6 81 29 00 00 00 00 00 D0 86 08 00 70 2D 0D 00 ..)..... ....p-.. [05E0] 00 00 00 00 00 00 00 00 D0 86 08 00 70 2D 0D 00 ........ ....p-.. [05F0] 01 00 00 00 7A 1D 00 00 AA 81 29 00 00 00 00 00 ....z... ..)..... [0600] 20 42 02 00 40 0D 03 00 00 00 00 00 00 00 00 00 B..@... ........ [0610] 20 42 02 00 40 0D 03 00 01 00 00 00 40 1D 00 00 B..@... ....@... [0620] 90 81 29 00 00 00 00 00 70 2D 0D 00 A0 0D 11 00 ..)..... p-...... [0630] 00 00 00 00 00 00 00 00 70 2D 0D 00 A0 0D 11 00 ........ p-...... [0640] 01 00 00 00 06 1D 00 00 76 81 29 00 00 00 00 00 ........ v.)..... [0650] 47 99 01 00 94 AE 03 00 00 00 00 00 00 00 00 00 G....... ........ [0660] 47 99 01 00 94 AE 03 00 01 00 00 00 CC 1C 00 00 G....... ........ [0670] 5C 81 29 00 00 00 00 00 7C BE 01 00 65 05 04 00 \.)..... |...e... [0680] 00 00 00 00 00 00 00 00 7C BE 01 00 65 05 04 00 ........ |...e... [0690] 01 00 00 00 92 1C 00 00 42 81 29 00 00 00 00 00 ........ B.)..... [06A0] 4A D7 01 00 68 43 04 00 00 00 00 00 00 00 00 00 J...hC.. ........ [06B0] 4A D7 01 00 68 43 04 00 01 00 00 00 58 1C 00 00 J...hC.. ....X... [06C0] 28 81 29 00 00 00 00 00 18 F0 01 00 04 75 04 00 (.)..... .....u.. [06D0] 00 00 00 00 00 00 00 00 18 F0 01 00 04 75 04 00 ........ .....u.. [06E0] 01 00 00 00 20 1C 00 00 10 81 29 00 00 00 00 00 .... ... ..)..... 
[06F0] 79 80 01 00 91 70 03 00 00 00 00 00 00 00 00 00 y....p.. ........ [0700] 79 80 01 00 91 70 03 00 01 00 00 00 E8 1B 00 00 y....p.. ........ [0710] F8 80 29 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ..)..... .....b.. [0720] 00 00 00 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ........ .....b.. [0730] 01 00 00 00 B0 1B 00 00 E0 80 29 00 00 00 00 00 ........ ..)..... [0740] 80 AF 02 00 90 D0 03 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 80 AF 02 00 90 D0 03 00 01 00 00 00 78 1B 00 00 ........ ....x... [0760] C8 80 29 00 00 00 00 00 80 AF 02 00 48 E8 01 00 ..)..... ....H... [0770] 00 00 00 00 00 00 00 00 80 AF 02 00 48 E8 01 00 ........ ....H... [0780] 01 00 00 00 40 1B 00 00 B0 80 29 00 00 00 00 00 ....@... ..)..... [0790] A0 F1 04 00 10 FD 06 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] A0 F1 04 00 10 FD 06 00 01 00 00 00 08 1B 00 00 ........ ........ [07B0] 98 80 29 00 00 00 00 00 88 7E 03 00 A0 F1 04 00 ..)..... .~...... [07C0] 00 00 00 00 00 00 00 00 88 7E 03 00 A0 F1 04 00 ........ .~...... [07D0] 01 00 00 00 D0 1A 00 00 80 80 29 00 00 00 00 00 ........ ..)..... [07E0] D0 78 02 00 88 7E 03 00 00 00 00 00 00 00 00 00 .x...~.. ........ [07F0] D0 78 02 00 88 7E 03 00 01 00 00 00 98 1A 00 00 .x...~.. ........ offered : 0x00000800 (2048) client_major_version : 0x00000003 (3) client_minor_version : 0x00000000 (0) [2012/08/30 15:27:54.788920, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) _spoolss_GetPrinterDriver2 [2012/08/30 15:27:54.789093, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.789305, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.789500, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:54.789629, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:54.789754, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:54.789872, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:54.790015, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:54.790152, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.790953, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.791074, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:54.791195, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.791329, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.791472, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.791625, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.791779, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:54.791912, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:54.792036, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.793168, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000049-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.793710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000049-0000-0000-3f50-babeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.795372, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.795620, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:54.795740, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:54.795863, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:54.795980, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:54.796102, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.796218, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:54.796426, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:54.796562, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:54.796681, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.796801, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.796918, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.797038, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.797157, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.797291, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.797423, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:54.797542, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:54.797662, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.797779, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.797899, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.798016, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.798148, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.798279, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:54.798398, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:54.798542, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.798659, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.798794, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.798910, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.799052, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.799171, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:54.799343, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.799461, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.799615, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.799732, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.799873, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:54.799993, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:54.800116, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.800235, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.800354, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.800489, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.800630, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.800766, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:54.800885, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:54.801006, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.801124, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.801259, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.801376, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.801514, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.801649, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.801770, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:54.801905, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:54.802031, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:54.802153, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:54.802271, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:54.802409, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.802530, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.802725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.803255, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:54.804005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.804201, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.804322, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.804458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:54.804596, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:54.804731, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:54.804851, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:54.804971, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:54.805090, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:54.805209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:54.805329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:54.805449, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:54.805568, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:54.805719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:54.805844, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:54.805964, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:54.806083, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:54.806203, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:54.806322, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:54.806441, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:54.806577, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:54.806692, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.806902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:54.808621, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.809918, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.810116, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.810247, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.811630, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.812957, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.813152, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.813273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:54.814840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.816229, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.816436, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.816564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.817889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.819349, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.819565, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.819701, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:54.823005, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.824371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.824584, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.824706, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:54.826732, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.828054, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.828252, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.828376, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:54.830549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.832852, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.833072, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.833195, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.834486, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.835832, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.836027, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.836149, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:54.852396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.853683, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:54.853878, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.854002, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:54.856220, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.857661, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.857864, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.857989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.859367, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.860731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.860933, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.861060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.862381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.863745, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.863943, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.864070, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:54.866670, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.872270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.872423, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.872521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:54.874063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.875053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.875196, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.875297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:54.876217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.877366, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.878488, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.879865, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:54.881748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.883558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.883918, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.884106, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:54.885969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.888004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.888299, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.888481, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.890458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.893230, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.893476, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.893605, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.894957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.896210, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.896407, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.896526, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.896646, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:54.896775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:54.897452, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.898224, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.898343, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.898464, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.898581, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.898699, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.898828, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.898985, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:54.899118, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.899239, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.899441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004b-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.899975, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004b-0000-0000-3f50-babeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.901516, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.901715, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:54.901834, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:54.901954, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:54.902071, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:54.902191, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.902324, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:54.902462, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:54.902595, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:54.902715, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:54.902991, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.903112, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.903232, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.903349, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.903485, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:54.904399, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:54.904536, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:54.904659, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.904776, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.904895, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.905012, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.905147, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:54.905300, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:54.905420, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:54.905541, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.905659, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.905783, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.905920, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:54.906065, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.906186, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:54.906308, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.906426, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.906549, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.906666, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:54.906810, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:54.906933, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:54.907099, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.907238, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.907358, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.907474, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.907629, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:54.907786, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:54.907907, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:54.908029, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.908148, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.908278, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.908395, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.908557, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.908695, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.908820, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:54.908940, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:54.909060, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:54.909216, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:54.909343, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:54.909463, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:54.909589, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.909787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.910291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-3f50-babeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.911566, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.911783, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.911909, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.912030, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.912162, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.912309, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:54.912453, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:54.912574, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:54.912694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:54.912819, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:54.912940, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:54.913062, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:54.913184, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:54.913322, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:54.913443, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:54.913563, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:54.913686, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:54.913806, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:54.913926, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:54.914048, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:54.914170, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:54.914289, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:54.914408, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:54.914533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:54.915216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-3f50-babeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:54.916612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.916817, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:54.916938, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:54.917060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
(5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] 
: 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:54.933132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.933586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.933800, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.933993, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.934134, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:54.934254, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.934735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004b-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.935160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.935354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.935573, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.935691, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.935826, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.936307, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.936735, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.936929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.937125, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.937247, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:54.937365, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.937848, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000049-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:54.938261, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.938473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.938666, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:54.938784, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:54.938905, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:54.939586, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/08/30 15:27:54.939753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.940605, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:54.940747, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:54.940869, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:54.940986, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:54.941104, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.941237, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:54.941400, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:54.941533, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 
0xf003f [2012/08/30 15:27:54.941658, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.941862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004d-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.942381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004d-0000-0000-3f50-babeee0b0000 keyname: struct winreg_String name_len : 0x00b4 (180) name_size : 0x00b4 (180) name : * name : 'SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:54.944029, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.944254, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/30 15:27:54.944376, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:54.944497, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/30 15:27:54.944620, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/30 15:27:54.944741, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.944859, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] [2012/08/30 15:27:54.945004, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2012/08/30 15:27:54.945143, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/30 15:27:54.945263, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:54.945385, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.945521, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.945640, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.945757, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.945916, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:54.946051, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/08/30 15:27:54.946179, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing 
refcount (5->6) [2012/08/30 15:27:54.946300, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.946421, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.946539, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.946655, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.946808, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:54.946953, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:54.947072, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:54.947192, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.947327, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.947446, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.947621, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.947759, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:54.947893, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Environments] [2012/08/30 15:27:54.948012, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:54.948135, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:54.948252, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:54.948370, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.948520, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:54.948662, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:54.948797, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows x64] [2012/08/30 15:27:54.948919, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:54.949039, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:54.949157, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:54.949275, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.949408, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:54.949542, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:54.949676, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Drivers] [2012/08/30 15:27:54.949805, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:54.949926, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:54.950043, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:54.950162, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.950295, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:54.950428, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:54.950563, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Version-3] [2012/08/30 15:27:54.950700, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:54.950967, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:54.951085, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:54.951204, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.951323, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:54.951457, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) 
regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:54.951650, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:54.951770, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:54.951892, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.952009, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.952146, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:54.952262, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.952394, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.952517, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.952652, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:54.952773, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:54.952892, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:54.953038, 10] 
registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:54.953159, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:54.953277, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:54.953407, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:54.953531, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:54.953649, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:54.953769, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.953981, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 result : WERR_OK [2012/08/30 15:27:54.954477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:54.955243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.955440, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:54.956393, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.956532, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Version] len[4] [2012/08/30 15:27:54.956653, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Driver] len[26] [2012/08/30 15:27:54.956790, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Data File] len[24] [2012/08/30 15:27:54.956910, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Configuration File] len[20] [2012/08/30 15:27:54.957030, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Help File] len[24] [2012/08/30 15:27:54.957239, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Dependent Files] len[188] [2012/08/30 15:27:54.957360, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Monitor] len[0] [2012/08/30 15:27:54.957479, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Datatype] len[8] [2012/08/30 15:27:54.957601, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Previous Names] len[2] [2012/08/30 15:27:54.957728, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[DriverDate] len[22] [2012/08/30 15:27:54.957848, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: 
name[DriverVersion] len[16] [2012/08/30 15:27:54.957971, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Manufacturer] len[0] [2012/08/30 15:27:54.958107, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[OEM URL] len[0] [2012/08/30 15:27:54.958226, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[HardwareID] len[0] [2012/08/30 15:27:54.958345, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Provider] len[0] [2012/08/30 15:27:54.958480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Print Processor] len[0] [2012/08/30 15:27:54.958599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[VendorSetup] len[0] [2012/08/30 15:27:54.958719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[Color Profiles] len[2] [2012/08/30 15:27:54.958886, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[18]: name[InfPath] len[0] [2012/08/30 15:27:54.959009, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[19]: name[PrinterDriverAttributes] len[4] [2012/08/30 15:27:54.959128, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[20]: name[CoreDependencies] len[2] [2012/08/30 15:27:54.959248, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[21]: name[MinInboxDriverVerDate] len[22] [2012/08/30 15:27:54.959373, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[22]: name[MinInboxDriverVerVersion] len[16] [2012/08/30 15:27:54.959535, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] 
[2012/08/30 15:27:54.959684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000017 (23) max_valnamelen : * max_valnamelen : 0x00000032 (50) max_valbufsize : * max_valbufsize : 0x000000bc (188) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:54.961191, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.962534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.962731, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.962857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'Version' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x03 (3) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:54.964237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.965553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.965748, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.965886, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0034 (52) name : * name : 'Driver' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x35 (53) [15] : 0x00 (0) [16] : 0x2e (46) [17] : 0x00 (0) [18] : 0x64 (100) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:54.968596, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.969914, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.970109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.970256, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0034 (52) name : * name : 'Data File' type : * type : REG_SZ (1) value : * value: ARRAY(24) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x2e (46) [15] : 0x00 (0) [16] : 0x70 (112) [17] : 0x00 (0) [18] : 0x70 (112) [19] : 0x00 (0) [20] : 0x64 (100) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : * size : 0x00000018 (24) length : * length : 0x00000018 (24) result : WERR_OK [2012/08/30 15:27:54.972831, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.974131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.974326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.974448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0026 (38) size : 0x0034 (52) name : * name : 'Configuration File' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x35 (53) [5] : 0x00 (0) [6] : 0x75 (117) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x64 (100) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x6c (108) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2012/08/30 15:27:54.977127, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.978438, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.978636, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.978758, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0034 (52) name : * name : 'Help File' type : * type : REG_SZ (1) value : * value: ARRAY(24) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x2e (46) [15] : 0x00 (0) [16] : 0x68 (104) [17] : 0x00 (0) [18] : 0x6c (108) [19] : 0x00 (0) [20] : 0x70 (112) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : * size : 0x00000018 (24) length : * length : 0x00000018 (24) result : WERR_OK [2012/08/30 15:27:54.981459, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.982778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:54.983004, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.983132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0034 (52) name : * name : 'Dependent Files' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(188) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x35 (53) [15] : 0x00 (0) [16] : 0x2e (46) [17] : 0x00 (0) [18] : 0x64 (100) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x48 (72) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x5f (95) [31] : 0x00 (0) [32] : 0x34 (52) [33] : 0x00 (0) [34] : 0x35 (53) [35] : 0x00 (0) [36] : 0x31 (49) [37] : 0x00 (0) [38] : 0x35 (53) [39] : 0x00 (0) [40] : 0x2e (46) [41] : 0x00 (0) [42] : 0x70 (112) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x64 (100) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x70 (112) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x35 (53) [55] : 0x00 (0) [56] : 0x75 (117) [57] : 0x00 (0) [58] : 0x69 (105) [59] : 0x00 (0) [60] : 0x2e (46) [61] : 0x00 (0) [62] : 0x64 (100) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x6c (108) [67] : 0x00 (0) [68] : 0x00 (0) [69] : 0x00 (0) [70] : 0x70 (112) [71] : 0x00 (0) [72] : 0x73 (115) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x72 (114) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x70 (112) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2e (46) [85] : 0x00 (0) [86] : 
0x68 (104) [87] : 0x00 (0) [88] : 0x6c (108) [89] : 0x00 (0) [90] : 0x70 (112) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x70 (112) [95] : 0x00 (0) [96] : 0x73 (115) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x72 (114) [101] : 0x00 (0) [102] : 0x69 (105) [103] : 0x00 (0) [104] : 0x70 (112) [105] : 0x00 (0) [106] : 0x74 (116) [107] : 0x00 (0) [108] : 0x2e (46) [109] : 0x00 (0) [110] : 0x6e (110) [111] : 0x00 (0) [112] : 0x74 (116) [113] : 0x00 (0) [114] : 0x66 (102) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x63 (99) [119] : 0x00 (0) [120] : 0x75 (117) [121] : 0x00 (0) [122] : 0x70 (112) [123] : 0x00 (0) [124] : 0x73 (115) [125] : 0x00 (0) [126] : 0x36 (54) [127] : 0x00 (0) [128] : 0x2e (46) [129] : 0x00 (0) [130] : 0x69 (105) [131] : 0x00 (0) [132] : 0x6e (110) [133] : 0x00 (0) [134] : 0x69 (105) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x63 (99) [139] : 0x00 (0) [140] : 0x75 (117) [141] : 0x00 (0) [142] : 0x70 (112) [143] : 0x00 (0) [144] : 0x73 (115) [145] : 0x00 (0) [146] : 0x70 (112) [147] : 0x00 (0) [148] : 0x73 (115) [149] : 0x00 (0) [150] : 0x36 (54) [151] : 0x00 (0) [152] : 0x2e (46) [153] : 0x00 (0) [154] : 0x64 (100) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x6c (108) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x63 (99) [163] : 0x00 (0) [164] : 0x75 (117) [165] : 0x00 (0) [166] : 0x70 (112) [167] : 0x00 (0) [168] : 0x73 (115) [169] : 0x00 (0) [170] : 0x75 (117) [171] : 0x00 (0) [172] : 0x69 (105) [173] : 0x00 (0) [174] : 0x36 (54) [175] : 0x00 (0) [176] : 0x2e (46) [177] : 0x00 (0) [178] : 0x64 (100) [179] : 0x00 (0) [180] : 0x6c (108) [181] : 0x00 (0) [182] : 0x6c (108) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) size : * size : 0x000000bc (188) length : * length : 0x000000bc (188) result : WERR_OK [2012/08/30 15:27:54.996531, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct 
winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:54.997850, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:54.998059, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:54.998188, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'Monitor' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:54.999449, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.000785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.000995, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.001122, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0034 (52) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:55.002690, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.004075, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.004286, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.004410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0034 (52) name : * name : 'Previous Names' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:55.005602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.006943, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.007139, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.007255, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0034 (52) name : * name : 'DriverDate' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x31 (49) [3] : 0x00 (0) [4] : 0x2f (47) [5] : 0x00 (0) [6] : 0x30 (48) [7] : 0x00 (0) [8] : 0x31 (49) [9] : 0x00 (0) [10] : 0x2f (47) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x31 (49) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2012/08/30 15:27:55.009771, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.011233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.011438, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.012410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001c (28) size : 0x0034 (52) name : * name : 'DriverVersion' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x2e (46) [3] : 0x00 (0) [4] : 0x30 (48) [5] : 0x00 (0) [6] : 0x2e (46) [7] : 0x00 (0) [8] : 0x30 (48) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:55.014449, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.015795, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.016020, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.016145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001a (26) size : 0x0034 (52) name : * name : 'Manufacturer' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.017343, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.018637, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.018832, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.018969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'OEM URL' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.020087, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.021371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.021569, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.021689, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0034 (52) name : * name : 'HardwareID' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.022760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.024271, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.024471, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.024593, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0034 (52) name : * name : 'Provider' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.025692, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.027012, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.027209, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.027334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0034 (52) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.028473, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.029794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.029992, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.030113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0034 (52) name : * name : 'VendorSetup' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.031205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.032556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.032751, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.032878, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0034 (52) name : * name : 'Color Profiles' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:55.034061, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.035554, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.035762, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.035901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'InfPath' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.036979, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000013 (19) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.038280, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.038476, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.038600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0030 (48) size : 0x0034 (52) name : * name : 'PrinterDriverAttributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:55.039986, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000014 (20) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.041319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.041521, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.041648, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0034 (52) name : * name : 'CoreDependencies' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:55.042857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000015 (21) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.044233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.044437, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.044566, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x002c (44) size : 0x0034 (52) name : * name : 'MinInboxDriverVerDate' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x31 (49) [3] : 0x00 (0) [4] : 0x2f (47) [5] : 0x00 (0) [6] : 0x30 (48) [7] : 0x00 (0) [8] : 0x31 (49) [9] : 0x00 (0) [10] : 0x2f (47) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x31 (49) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2012/08/30 15:27:55.047014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 enum_index : 0x00000016 (22) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:55.048489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.048711, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:55.048835, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0032 (50) size : 0x0034 (52) name : * name : 'MinInboxDriverVerVersion' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x2e (46) [3] : 0x00 (0) [4] : 0x30 (48) [5] : 0x00 (0) [6] : 0x2e (46) [7] : 0x00 (0) [8] : 0x30 (48) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:55.051006, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:55.051464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.051692, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.051886, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:55.052007, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:55.052128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:55.052622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004d-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:55.053036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.053230, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.053441, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:55.053558, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:55.053676, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:55.054155, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/08/30 15:27:55.054433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 out: struct spoolss_GetPrinterDriver2 info : * info : union spoolss_DriverInfo(case 6) info6: struct spoolss_DriverInfo6 version : SPOOLSS_DRIVER_VERSION_200X (3) driver_name : * driver_name : 'HP_4515' architecture : * architecture : 'Windows x64' driver_path : * driver_path : '\\orange\print$\x64\3\pscript5.dll' data_file : * data_file : '\\orange\print$\x64\3\HP_4515.ppd' config_file : * config_file : '\\orange\print$\x64\3\ps5ui.dll' help_file : * help_file : '\\orange\print$\x64\3\pscript.hlp' dependent_files : * dependent_files: ARRAY(8) [0] : '\\orange\print$\x64\3\pscript5.dll' [1] : '\\orange\print$\x64\3\HP_4515.ppd' [2] : '\\orange\print$\x64\3\ps5ui.dll' [3] : '\\orange\print$\x64\3\pscript.hlp' [4] : '\\orange\print$\x64\3\pscript.ntf' [5] : '\\orange\print$\x64\3\cups6.ini' [6] : '\\orange\print$\x64\3\cupsps6.dll' [7] : '\\orange\print$\x64\3\cupsui6.dll' monitor_name : * monitor_name : '' default_datatype : * default_datatype : 'RAW' previous_names : NULL driver_date : NTTIME(0) driver_version : 0x0000000000000000 (0) manufacturer_name : * manufacturer_name : '' manufacturer_url : * manufacturer_url : '' hardware_id : * hardware_id : '' provider : * provider : '' 
needed : * needed : 0x000003e0 (992) server_major_version : * server_major_version : 0x00000000 (0) server_minor_version : * server_minor_version : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:55.057740, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:55.057871, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 2140 [2012/08/30 15:27:55.058002, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/08/30 15:27:55.058124, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 2072. [2012/08/30 15:27:55.058249, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0830 (2096) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000818 (2072) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=2072
[2012/08/30 15:27:55.070619, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2234 [2012/08/30 15:27:55.070756, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:55.070893, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 2096 bytes.
There is no more data outstanding [2012/08/30 15:27:55.071015, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2096] (align 0) [2012/08/30 15:27:55.071138, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.071199, 5] lib/util.c:342(show_msg) size=2152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9600 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2096 (0x830) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2096 (0x830) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2097 [2012/08/30 15:27:55.076254, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:55.080455, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 82 [2012/08/30 15:27:55.080584, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x52 [2012/08/30 15:27:55.080681, 3] smbd/process.c:1662(process_smb) Transaction 72 of length 86 (0 toread) [2012/08/30 15:27:55.080801, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.080842, 5] lib/util.c:342(show_msg) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=9664 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 82 (0x52) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=39 [2012/08/30 15:27:55.084106, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 4F 00 52 00 41 00 4E 00 47 00 45 .\.\.O.R .A.N.G.E [0010] 00 5C 00 50 00 52 00 49 00 4E 00 54 00 24 00 00 .\.P.R.I .N.T.$.. 
[0020] 00 3F 3F 3F 3F 3F 00 .?????. [2012/08/30 15:27:55.084514, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 3054) conn 0x0 [2012/08/30 15:27:55.084698, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.084897, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:55.085082, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:55.085361, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:55.085557, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [PRINT$] [2012/08/30 15:27:55.085757, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service print$ [2012/08/30 15:27:55.085946, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:55.086163, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:55.086349, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:55.086529, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:55.086710, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.086888, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:55.087068, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.087259, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:55.087461, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:55.087791, 5] 
lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:55.091724, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:55.092021, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.092235, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.092449, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:55.092626, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.092820, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:55.093005, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:55.093280, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:55.101837, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:55.102215, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.102349, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:55.102467, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:55.102595, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:55.102712, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:55.102831, 5] lib/username.c:149(Get_Pwnam_internals) 
Get_Pwnam_internals did find user [root]! [2012/08/30 15:27:55.102952, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share print$ is ok for unix user administrator [2012/08/30 15:27:55.103117, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:55.103249, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:55.103368, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! [2012/08/30 15:27:55.103493, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service print$, connectpath = /var/lib/samba/printers [2012/08/30 15:27:55.103624, 3] smbd/service.c:872(make_connection_snum) Connect path is '/var/lib/samba/printers' for service [print$] [2012/08/30 15:27:55.103758, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:55.104763, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2012/08/30 15:27:55.104888, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/08/30 15:27:55.105005, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2012/08/30 15:27:55.105123, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/08/30 15:27:55.105329, 5] smbd/connection.c:134(claim_connection) claiming [print$] [2012/08/30 15:27:55.105491, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:27:55.105626, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00dd00 [2012/08/30 15:27:55.105770, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:27:55.106040, 10] 
smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service print$, connectpath = /var/lib/samba/printers [2012/08/30 15:27:55.106164, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:55.106284, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:55.106401, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:55.112685, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.112834, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:55.113007, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.113136, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:55.113262, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:55.113471, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:55.114698, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:55.114877, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.114998, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.115116, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:55.115240, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:55.115548, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:55.115723, 5] 
auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:55.115914, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:55.117597, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:55.117789, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.117914, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:55.118032, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:55.118191, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:55.118309, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:55.118428, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:55.118549, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share print$ is ok for unix user administrator [2012/08/30 15:27:55.118669, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share print$ is read-write for unix user administrator [2012/08/30 15:27:55.118808, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:55.118934, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:55.119074, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.119349, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: 
SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:55.123141, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:55.131756, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:55.131908, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.132107, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:55.132225, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:55.132409, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:55.132538, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service print$, connectpath = /var/lib/samba/printers [2012/08/30 15:27:55.132705, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share print$, directory /var/lib/samba/printers [2012/08/30 15:27:55.132826, 1] smbd/service.c:1114(make_connection_snum) panama (192.168.30.50) connect to service print$ initially as user administrator (uid=10000, gid=513) (pid 3054) [2012/08/30 15:27:55.132976, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=PRINT$ [2012/08/30 15:27:55.143612, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 88 [2012/08/30 15:27:55.143821, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2012/08/30 
15:27:55.143941, 3] smbd/process.c:1662(process_smb) Transaction 73 of length 92 (0 toread) [2012/08/30 15:27:55.144060, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.144122, 5] lib/util.c:342(show_msg) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1080 smb_uid=100 smb_mid=9728 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [2012/08/30 15:27:55.145778, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EC 03 00 00 00 00 5C 00 78 00 36 00 34 ........ .\.x.6.4 [0010] 00 5C 00 33 00 00 00 .\.3... [2012/08/30 15:27:55.145987, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:55.146113, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.146257, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: 
SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:55.148872, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:55.149286, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:55.149408, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/lib/samba/printers [2012/08/30 15:27:55.149562, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2012/08/30 15:27:55.149861, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3" [2012/08/30 15:27:55.150020, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3] [2012/08/30 15:27:55.150138, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64] [2012/08/30 15:27:55.150256, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3, dirpath = , start = x64/3 [2012/08/30 15:27:55.150383, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c00d2b0:size 5) X64/3 -> x64/3 [2012/08/30 15:27:55.150501, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3 
-> x64/3 [2012/08/30 15:27:55.150641, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:55.150778, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:55.150899, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:55.151026, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3 hash 0xc724eb9f [2012/08/30 15:27:55.151258, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:55.151428, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3 (fnum = -1) level=1004 call=5 total_data=0 [2012/08/30 15:27:55.156731, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1004 max_data=40 [2012/08/30 15:27:55.156904, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3 [2012/08/30 15:27:55.157049, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2012/08/30 15:27:55.157169, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2012/08/30 15:27:55.157337, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:55.157456, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Tue Aug 21 16:18:45 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 10 [2012/08/30 15:27:55.157813, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:55.157933, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:55.158050, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.158112, 5] lib/util.c:342(show_msg) 
size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1080 smb_uid=100 smb_mid=9728 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:55.159629, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 D2 15 EE 2E 28 7B CD 01 49 86 25 ........ .({..I.% [0010] 2A DA 7F CD 01 D2 15 EE 2E 28 7B CD 01 D2 15 EE *....... .({..... [0020] 2E 28 7B CD 01 10 00 00 00 00 00 00 00 .({..... ..... [2012/08/30 15:27:55.163642, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 88 [2012/08/30 15:27:55.163887, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2012/08/30 15:27:55.164027, 3] smbd/process.c:1662(process_smb) Transaction 74 of length 92 (0 toread) [2012/08/30 15:27:55.164147, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.164208, 5] lib/util.c:342(show_msg) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1080 smb_uid=100 smb_mid=9792 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [2012/08/30 15:27:55.165877, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 ED 03 00 00 00 00 5C 00 78 00 36 00 34 ........ .\.x.6.4 [0010] 00 5C 00 33 00 00 00 .\.3... 
[2012/08/30 15:27:55.166079, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:55.166201, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:55.166335, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2012/08/30 15:27:55.166467, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3" [2012/08/30 15:27:55.166608, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:55.166734, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:55.166863, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:55.166985, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:55.167112, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3 hash 0xc724eb9f [2012/08/30 15:27:55.167244, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:55.171642, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3 (fnum = -1) level=1005 call=5 total_data=0 [2012/08/30 15:27:55.171838, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1005 max_data=24 [2012/08/30 15:27:55.171978, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3 [2012/08/30 15:27:55.172098, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2012/08/30 15:27:55.172217, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2012/08/30 15:27:55.172358, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 15:27:55.172479, 9] 
smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:55.172597, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:55.172717, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.172774, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1080 smb_uid=100 smb_mid=9792 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:55.174174, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... [2012/08/30 15:27:55.177064, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 120 [2012/08/30 15:27:55.177295, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/08/30 15:27:55.177421, 3] smbd/process.c:1662(process_smb) Transaction 75 of length 124 (0 toread) [2012/08/30 15:27:55.177542, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.177605, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1080 smb_uid=100 smb_mid=9856 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/08/30 15:27:55.179449, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. 
.......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d [0030] 00 6C 00 6C 00 00 00 .l.l... [2012/08/30 15:27:55.184688, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:55.184827, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:55.184981, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:55.185149, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:55.185272, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/PSCRIPT5.DLL] [2012/08/30 15:27:55.185391, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:55.185533, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/pscript5.dll, dirpath = x64/3, start = pscript5.dll [2012/08/30 15:27:55.185658, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c00d2c0:size 12) X64/3/PSCRIPT5.DLL -> x64/3/pscript5.dll [2012/08/30 15:27:55.186312, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/pscript5.dll -> x64/3/pscript5.dll [2012/08/30 15:27:55.186438, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:55.186588, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:55.186706, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:55.186825, 5] 
smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript5.dll [2012/08/30 15:27:55.186971, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:55.187089, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:55.187213, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:55.187333, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:55.187501, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:55.187638, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript5.dll, attr = 22 [2012/08/30 15:27:55.187788, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:55.187942, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c019f50 now at offset -1 [2012/08/30 15:27:55.188143, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:55.188263, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:55.188392, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:55.188622, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:55.188743, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) [2012/08/30 15:27:55.188911, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:55.189029, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:55.189176, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 
[2012/08/30 15:27:55.189294, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:55.189429, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/08/30 15:27:55.189565, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/08/30 15:27:55.189682, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.189744, 5] lib/util.c:342(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=1080 smb_uid=100 smb_mid=9856 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/08/30 15:27:55.191116, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l [0080] 00 6C 00 00 00 .l... 
[2012/08/30 15:27:55.199482, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:55.877369, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:55.877582, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:55.877693, 3] smbd/process.c:1662(process_smb) Transaction 76 of length 132 (0 toread) [2012/08/30 15:27:55.877813, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.877875, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9920 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17760 (0x4560) smb_bcc=61 [2012/08/30 15:27:55.879836, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 08 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 40 00 00 ........ .....@.. [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:55.880192, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:55.880323, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:55.880446, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:55.882943, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 
supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:55.883409, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:55.883656, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/08/30 15:27:55.883797, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:55.883918, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:55.884035, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:55.884153, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:55.884271, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4560) [2012/08/30 15:27:55.884392, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 4280 [2012/08/30 15:27:55.884512, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:55.884631, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:55.884750, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:55.884868, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:55.884987, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:55.885104, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:55.885222, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:55.885343, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:55.885461, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:55.885579, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:55.885767, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:55.885959, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.887609, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:55.887732, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:55.887852, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:55.887975, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:55.888095, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:55.888217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-3f50-babeee0b0000 [2012/08/30 15:27:55.888632, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.888830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.889071, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.889264, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:55.889382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:55.889853, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:55.889973, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:55.890106, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/08/30 15:27:55.890225, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:55.890349, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:55.891818, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:55.891945, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:55.892070, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:55.892190, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.892404, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9920 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:55.893733, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:55.894218, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:55.894354, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:55.894472, 3] smbd/process.c:1662(process_smb) Transaction 77 of length 132 (0 toread) [2012/08/30 15:27:55.894601, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.894663, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9985 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17759 (0x455F) smb_bcc=61 [2012/08/30 15:27:55.896404, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 
00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 39 00 00 ........ .....9.. [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 .....?P. ..... [2012/08/30 15:27:55.896747, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:55.896868, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:55.896998, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:55.897120, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:55.897385, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:55.897514, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:55.897632, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455f) [2012/08/30 15:27:55.897752, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 4136 [2012/08/30 15:27:55.897872, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:55.898116, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:55.898238, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:55.898357, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:55.898630, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:55.898765, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:55.898916, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 
15:27:55.899047, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:55.899165, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:55.899285, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:55.899405, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:55.900342, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.901852, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:55.901976, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:55.902099, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:55.902222, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:55.902342, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:55.902463, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:55.902894, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.903092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:55.903331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:55.903567, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:55.903699, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:55.904183, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:55.904308, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:55.904444, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/08/30 15:27:55.904563, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:55.904689, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:55.906054, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:55.906180, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:55.906303, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:55.906423, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.906485, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=9985 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:55.907911, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:55.908571, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:55.908723, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:55.908842, 3] smbd/process.c:1662(process_smb) Transaction 78 of length 45 (0 toread) [2012/08/30 15:27:55.908961, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.909024, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10048 smt_wct=3 smb_vwv[ 0]=17760 (0x4560) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:55.910019, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:55.910087, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:55.910207, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:55.910328, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17760 (numopen=3) 
[2012/08/30 15:27:55.910449, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:55.910591, 5] smbd/files.c:482(file_free) freed files structure 17760 (2 used) [2012/08/30 15:27:55.910713, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.910776, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10048 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:55.911798, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:55.913235, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:55.913406, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:55.913526, 3] smbd/process.c:1662(process_smb) Transaction 79 of length 45 (0 toread) [2012/08/30 15:27:55.913643, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.913704, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10112 smt_wct=3 smb_vwv[ 0]=17759 (0x455F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:55.914657, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:55.914721, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:55.914840, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:55.914961, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17759 (numopen=2) [2012/08/30 15:27:55.918820, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:55.919181, 5] smbd/files.c:482(file_free) freed files structure 17759 (1 used) [2012/08/30 15:27:55.919342, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:55.919433, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 
smb_pid=65279 smb_uid=100 smb_mid=10112 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:55.920026, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:57.248860, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:57.249077, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:57.249198, 3] smbd/process.c:1662(process_smb) Transaction 80 of length 106 (0 toread) [2012/08/30 15:27:57.249330, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.249392, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10176 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:57.251742, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:57.251974, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.252096, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.252221, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:57.252344, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:57.252469, 5] smbd/files.c:140(file_new) allocated file structure 13665, fnum = 17761 (2 used) [2012/08/30 15:27:57.252593, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:57.252717, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:57.252842, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:57.252973, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:57.253095, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:57.254085, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:57.254232, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:57.254545, 3] smbd/process.c:1662(process_smb) Transaction 81 of length 228 (0 toread) [2012/08/30 15:27:57.254667, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.254741, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10240 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17761 (0x4561) smb_vwv[ 3]= 0 (0x0) 
smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:57.256372, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:57.257230, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.257359, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.257481, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 4561 name: spoolss len: 160 [2012/08/30 15:27:57.257603, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:57.257724, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:57.257842, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:57.257965, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:57.258085, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:57.258202, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:57.258359, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:57.258488, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:57.258605, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:57.258723, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:57.258845, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:57.258973, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:57.262295, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:57.262425, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:57.262544, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:57.262698, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:57.262822, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:57.262993, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:57.264882, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:57.265012, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:57.266027, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:57.266314, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:57.266433, 3] smbd/process.c:1662(process_smb) Transaction 82 of length 63 (0 toread) [2012/08/30 15:27:57.266554, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.266616, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17761 (0x4561) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:57.268124, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:57.268190, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.268309, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.268430, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:57.268578, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:57.268701, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:57.268826, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:57.268944, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:57.269895, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:57.270037, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:57.270156, 3] smbd/process.c:1662(process_smb) Transaction 83 of length 296 (0 toread) [2012/08/30 15:27:57.270322, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.270384, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17761 (0x4561) smb_bcc=225 [2012/08/30 15:27:57.272565, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:57.273672, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.273792, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.273920, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:57.274048, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:57.274189, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:57.274307, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:57.274424, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4561) [2012/08/30 15:27:57.274545, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:57.274664, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:57.274785, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:57.274902, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:57.275020, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:57.275143, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:57.275260, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:57.275373, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:57.275574, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:57.275692, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:57.275809, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:57.275928, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:57.276052, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:57.278510, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:57.278634, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:57.278753, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:57.278876, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:57.278999, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:57.279123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:57.281044, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:57.281177, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.281373, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:57.281560, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:57.281773, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:57 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:57.282062, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/08/30 15:27:57.282189, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.282389, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.282588, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:57.282735, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:57.286514, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:57.286728, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:57.286848, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:57.286969, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:57.287093, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:57.287235, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:57.287353, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:57.287470, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:57.287774, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:57.288978, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:57.289193, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:57.289322, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:57.289450, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:57.289569, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:57.289687, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:57.289822, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:57.290014, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:57.291878, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:57.292072, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:57.292197, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:57.292316, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:57.292444, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:57.292578, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:57.292699, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:57.292819, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:57.292940, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:57.293060, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:57.293187, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:57.293304, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:57.293427, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:57.293560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.294362, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.294485, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:57.294647, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.294783, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.294901, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.295017, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.295167, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:57.295306, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.295429, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.295659, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000050-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.296167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000050-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.297739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.297961, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:57.298090, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:57.298212, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:57.298330, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:57.298468, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.298601, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:57.298756, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:57.298893, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:57.299016, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.299138, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.299256, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.299376, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.299533, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.299684, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.299819, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:57.299941, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:57.300068, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.300185, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.300305, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.300422, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.300558, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.300714, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:57.300839, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.301862, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.301984, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.302103, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.302242, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.302389, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.302655, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:57.302776, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.302911, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.303030, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.303156, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.303293, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:57.303431, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.303585, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.303706, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.303825, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.303945, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.304082, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.304217, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.304336, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.304461, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.304578, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.304697, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.304815, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.304954, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.305092, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.305214, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.305332, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.305451, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.305573, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.305691, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.305810, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.305929, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 3F 50 BD BE ....Q... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.306144, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000051-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.306684, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:57.306822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000051-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.307243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 3F 50 BD BE ....Q... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.307441, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 3F 50 BD BE ....Q... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.307875, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.307999, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:57.308118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.308608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000050-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.309072, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.309273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.309471, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.309592, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:57.309712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.310223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.310721, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:57.310848, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:57.311000, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:57.311132, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:57.311258, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:57.312680, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:57.312802, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:57.312930, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:57.313067, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:57.314229, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.314314, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:57.315857, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4F 00 00 ........ .....O.. [0020] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:57.319405, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 188 [2012/08/30 15:27:57.319872, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbc [2012/08/30 15:27:57.320015, 3] smbd/process.c:1662(process_smb) Transaction 84 of length 192 (0 toread) [2012/08/30 15:27:57.320140, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.320201, 5] lib/util.c:342(show_msg) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10432 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17761 (0x4561) smb_bcc=121 [2012/08/30 15:27:57.321923, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [0020] 00 50 00 00 00 00 00 35 00 00 00 00 00 4F 00 00 .P.....5 .....O.. [0030] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 00 00 02 .....?P. ........ [0040] 00 0C 00 00 00 00 00 00 00 0C 00 00 00 57 00 69 ........ .....W.i [0050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 78 00 36 .n.d.o.w .s. .x.6 [0060] 00 34 00 00 00 06 00 00 00 00 00 00 00 00 00 00 .4...... ........ [0070] 00 FF FF FF FF FF FF FF FF ........ . 
[2012/08/30 15:27:57.322578, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.322701, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.322827, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=104 params=0 setup=2 [2012/08/30 15:27:57.322948, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:57.323064, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:57.323182, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:57.323332, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4561) [2012/08/30 15:27:57.323451, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:57.323619, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 104 [2012/08/30 15:27:57.323742, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 104 [2012/08/30 15:27:57.323859, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 104 [2012/08/30 15:27:57.323979, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:57.324101, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:57.324220, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 88 [2012/08/30 15:27:57.324339, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 88 [2012/08/30 15:27:57.324458, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:57.324575, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 88 
[2012/08/30 15:27:57.324691, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 88, incoming data = 88 [2012/08/30 15:27:57.324822, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:57.324952, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0068 (104) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000050 (80) context_id : 0x0000 (0) opnum : 0x0035 (53) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=80 [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 00 00 02 00 0C 00 00 00 00 00 00 00 ........ ........ [0020] 0C 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 ....W.i. n.d.o.w. [0030] 73 00 20 00 78 00 36 00 34 00 00 00 06 00 00 00 s. .x.6. 4....... [0040] 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ ........ [2012/08/30 15:27:57.326917, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:57.327044, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:57.327187, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:57.327310, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 [2012/08/30 15:27:57.327430, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[53].fn == 0x7fd50aecc260 [2012/08/30 15:27:57.327612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 in: struct spoolss_GetPrinterDriver2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 architecture : * architecture : 'Windows x64' level : 0x00000006 (6) buffer : NULL offered : 0x00000000 (0) client_major_version : 0xffffffff (4294967295) client_minor_version : 0xffffffff (4294967295) [2012/08/30 15:27:57.328439, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) _spoolss_GetPrinterDriver2 [2012/08/30 15:27:57.328579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.328798, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.328992, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:57.329120, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:57.329260, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:57.329378, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:57.329502, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:57.329634, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.330438, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.330558, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:57.330678, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.330813, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.330938, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.331054, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.331197, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:57.331332, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:57.331472, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.331720, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000052-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.332218, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000052-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.333754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.333950, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:57.334086, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:57.334231, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:57.334347, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:57.334465, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.334583, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:57.334723, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:57.334856, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:57.334981, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.335119, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.335236, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.335353, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.335469, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.335631, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.335763, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:57.335881, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:57.336001, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.336120, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.336238, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.336355, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.336487, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.336622, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:57.336740, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.336861, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.336977, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.337095, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.337231, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.337379, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.337500, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:57.337621, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.337777, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.337897, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.338165, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.338308, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:57.338447, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.338589, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.338708, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.338829, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.338959, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.339225, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.339364, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.339557, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.339689, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.339807, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.339942, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.340059, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.340198, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.340334, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.340457, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.340597, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.340717, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.340836, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.340959, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.341081, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.341200, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.341397, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.341902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:57.342679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.342885, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:57.343005, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.343144, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:57.343282, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:57.343403, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:57.343559, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:57.343692, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:57.343811, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:57.343931, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:57.344053, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:57.344172, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:57.344292, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:57.344411, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:57.344533, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:57.344655, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:57.344774, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:57.344896, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:57.345016, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:57.345135, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:57.345257, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:57.345376, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.345513, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:57.347050, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.348401, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.348597, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.348735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.350197, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.352308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.352513, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.352635, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:57.354226, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.355616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.355815, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.355953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.357268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.358575, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.358770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.358908, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:57.362363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.363907, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.364166, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.364294, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.366321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.367674, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.367869, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.368014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:57.370213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.371556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.371772, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.371899, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.373227, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.374712, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.374913, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.375054, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:57.391557, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.392900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.393097, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.393237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.395308, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.396623, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.396822, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.396943, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.398446, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.399801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.400015, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.400137, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.402167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.403553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.403776, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.403898, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:57.406595, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.407938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.408135, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.408277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.410379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.411877, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.412089, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.412211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.413441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.414831, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.415031, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.415153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.416422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.417749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.417950, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.418072, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.419326, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.420695, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.420896, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.421021, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.422545, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.423929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.424151, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.424277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.425674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:57.426960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.427159, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.427280, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:57.427400, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:57.427570, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:57.428244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.429043, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.429166, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.429286, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.429403, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.429537, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.429653, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.429795, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:57.429931, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.430052, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.430257, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000054-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.430783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000054-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.432388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.432593, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:57.432712, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:57.432832, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:57.432960, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:57.433085, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.433201, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:57.433355, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:57.433488, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:57.433606, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.433729, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.433846, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.433964, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.434080, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.434216, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.434513, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:57.434649, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:57.434770, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.434888, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.435008, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.435142, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.435277, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.435410, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:57.435581, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.435703, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.435823, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.435941, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.436058, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.436218, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.436339, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.436460, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.436581, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.436725, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.436842, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.436997, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:57.437117, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:57.437238, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.437367, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.437492, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.437609, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.437758, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.437900, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.438020, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:57.438159, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.438278, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.438447, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.438567, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.438705, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.438841, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.438965, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:57.439084, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:57.439205, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.439335, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.439459, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.439608, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.439732, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.439929, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.440429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-3f50-bdbeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:57.441646, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.441848, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.441967, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:57.442102, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:57.442238, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.442383, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:57.442520, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:57.442640, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:57.442760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:57.442882, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:57.443004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:57.443124, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:57.443276, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:57.443397, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:57.443627, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:57.443752, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:57.443874, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:57.444015, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:57.444137, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:57.444266, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:57.444406, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:57.444527, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:57.444649, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:57.444777, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.445464, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-3f50-bdbeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:57.446884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.447083, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.447203, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:57.447345, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
(5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] 
: 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:57.463549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.464004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.464203, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.464401, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.464528, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.464661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.465157, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000054-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.465573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.465769, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.466005, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.466126, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.466248, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.466748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.467176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.467370, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.467715, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.467837, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:57.467958, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.468465, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000052-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.468895, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.469106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.469299, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.469417, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:57.469537, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.470163, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/08/30 15:27:57.470301, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.471072, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.471208, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:57.471329, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.471445, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.471611, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.471728, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.471872, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:57.472007, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 
0xf003f [2012/08/30 15:27:57.472128, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.472325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000056-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.472814, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000056-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x00b4 (180) name_size : 0x00b4 (180) name : * name : 'SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.474502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.474727, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/30 15:27:57.474846, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:57.474967, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/30 15:27:57.475087, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/30 15:27:57.475205, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.475325, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] [2012/08/30 15:27:57.475464, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2012/08/30 15:27:57.475626, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/30 15:27:57.475749, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.475870, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.476014, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.476137, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.476254, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.476391, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.476527, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/08/30 15:27:57.476646, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing 
refcount (5->6) [2012/08/30 15:27:57.476767, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.476901, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.477020, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.477139, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.477292, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.477425, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.477544, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.477668, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.477785, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.477926, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.478046, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.478184, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.478320, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Environments] [2012/08/30 15:27:57.478458, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:57.478582, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.478708, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.478830, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.478946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.479084, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.479224, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows x64] [2012/08/30 15:27:57.479344, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.479466, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.480391, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.480511, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.480627, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.480779, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.480914, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Drivers] [2012/08/30 15:27:57.481035, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.481161, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.481281, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.481401, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.481520, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.481656, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.481792, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Version-3] [2012/08/30 15:27:57.481929, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:57.482052, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.482172, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.482311, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.482428, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.482718, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) 
regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.482881, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.483001, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:57.483141, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.483276, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.483396, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.483564, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.483709, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.483830, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.483982, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.484104, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:57.484223, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:57.484353, 10] 
registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.484480, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.484599, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.484720, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.484839, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.484957, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.485077, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.485278, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.485789, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:57.486507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.486766, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:57.486887, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.487024, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Version] len[4] [2012/08/30 15:27:57.487149, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Driver] len[26] [2012/08/30 15:27:57.487269, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Data File] len[24] [2012/08/30 15:27:57.487389, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Configuration File] len[20] [2012/08/30 15:27:57.487556, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Help File] len[24] [2012/08/30 15:27:57.487686, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Dependent Files] len[188] [2012/08/30 15:27:57.487829, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Monitor] len[0] [2012/08/30 15:27:57.487950, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Datatype] len[8] [2012/08/30 15:27:57.488070, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Previous Names] len[2] [2012/08/30 15:27:57.488221, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[DriverDate] len[22] [2012/08/30 15:27:57.488341, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: 
name[DriverVersion] len[16] [2012/08/30 15:27:57.488461, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Manufacturer] len[0] [2012/08/30 15:27:57.488580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[OEM URL] len[0] [2012/08/30 15:27:57.488716, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[HardwareID] len[0] [2012/08/30 15:27:57.488837, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Provider] len[0] [2012/08/30 15:27:57.488998, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Print Processor] len[0] [2012/08/30 15:27:57.489118, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[VendorSetup] len[0] [2012/08/30 15:27:57.489289, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[Color Profiles] len[2] [2012/08/30 15:27:57.489428, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[18]: name[InfPath] len[0] [2012/08/30 15:27:57.489548, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[19]: name[PrinterDriverAttributes] len[4] [2012/08/30 15:27:57.489701, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[20]: name[CoreDependencies] len[2] [2012/08/30 15:27:57.489822, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[21]: name[MinInboxDriverVerDate] len[22] [2012/08/30 15:27:57.489942, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[22]: name[MinInboxDriverVerVersion] len[16] [2012/08/30 15:27:57.490063, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] 
[2012/08/30 15:27:57.490211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000017 (23) max_valnamelen : * max_valnamelen : 0x00000032 (50) max_valbufsize : * max_valbufsize : 0x000000bc (188) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:57.491803, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.493142, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.493352, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.493480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'Version' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x03 (3) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.495020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.496391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.496588, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.496712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0034 (52) name : * name : 'Driver' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x35 (53) [15] : 0x00 (0) [16] : 0x2e (46) [17] : 0x00 (0) [18] : 0x64 (100) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:57.499456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.500815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.501013, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.501136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0034 (52) name : * name : 'Data File' type : * type : REG_SZ (1) value : * value: ARRAY(24) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x2e (46) [15] : 0x00 (0) [16] : 0x70 (112) [17] : 0x00 (0) [18] : 0x70 (112) [19] : 0x00 (0) [20] : 0x64 (100) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : * size : 0x00000018 (24) length : * length : 0x00000018 (24) result : WERR_OK [2012/08/30 15:27:57.503702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.505023, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.505218, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.505342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0026 (38) size : 0x0034 (52) name : * name : 'Configuration File' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x35 (53) [5] : 0x00 (0) [6] : 0x75 (117) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x64 (100) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x6c (108) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2012/08/30 15:27:57.507807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.509150, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.509354, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.509480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0034 (52) name : * name : 'Help File' type : * type : REG_SZ (1) value : * value: ARRAY(24) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x2e (46) [15] : 0x00 (0) [16] : 0x68 (104) [17] : 0x00 (0) [18] : 0x6c (108) [19] : 0x00 (0) [20] : 0x70 (112) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : * size : 0x00000018 (24) length : * length : 0x00000018 (24) result : WERR_OK [2012/08/30 15:27:57.512132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.513473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.513678, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.513804, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0034 (52) name : * name : 'Dependent Files' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(188) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x35 (53) [15] : 0x00 (0) [16] : 0x2e (46) [17] : 0x00 (0) [18] : 0x64 (100) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x48 (72) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x5f (95) [31] : 0x00 (0) [32] : 0x34 (52) [33] : 0x00 (0) [34] : 0x35 (53) [35] : 0x00 (0) [36] : 0x31 (49) [37] : 0x00 (0) [38] : 0x35 (53) [39] : 0x00 (0) [40] : 0x2e (46) [41] : 0x00 (0) [42] : 0x70 (112) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x64 (100) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x70 (112) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x35 (53) [55] : 0x00 (0) [56] : 0x75 (117) [57] : 0x00 (0) [58] : 0x69 (105) [59] : 0x00 (0) [60] : 0x2e (46) [61] : 0x00 (0) [62] : 0x64 (100) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x6c (108) [67] : 0x00 (0) [68] : 0x00 (0) [69] : 0x00 (0) [70] : 0x70 (112) [71] : 0x00 (0) [72] : 0x73 (115) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x72 (114) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x70 (112) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2e (46) [85] : 0x00 (0) [86] : 
0x68 (104) [87] : 0x00 (0) [88] : 0x6c (108) [89] : 0x00 (0) [90] : 0x70 (112) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x70 (112) [95] : 0x00 (0) [96] : 0x73 (115) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x72 (114) [101] : 0x00 (0) [102] : 0x69 (105) [103] : 0x00 (0) [104] : 0x70 (112) [105] : 0x00 (0) [106] : 0x74 (116) [107] : 0x00 (0) [108] : 0x2e (46) [109] : 0x00 (0) [110] : 0x6e (110) [111] : 0x00 (0) [112] : 0x74 (116) [113] : 0x00 (0) [114] : 0x66 (102) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x63 (99) [119] : 0x00 (0) [120] : 0x75 (117) [121] : 0x00 (0) [122] : 0x70 (112) [123] : 0x00 (0) [124] : 0x73 (115) [125] : 0x00 (0) [126] : 0x36 (54) [127] : 0x00 (0) [128] : 0x2e (46) [129] : 0x00 (0) [130] : 0x69 (105) [131] : 0x00 (0) [132] : 0x6e (110) [133] : 0x00 (0) [134] : 0x69 (105) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x63 (99) [139] : 0x00 (0) [140] : 0x75 (117) [141] : 0x00 (0) [142] : 0x70 (112) [143] : 0x00 (0) [144] : 0x73 (115) [145] : 0x00 (0) [146] : 0x70 (112) [147] : 0x00 (0) [148] : 0x73 (115) [149] : 0x00 (0) [150] : 0x36 (54) [151] : 0x00 (0) [152] : 0x2e (46) [153] : 0x00 (0) [154] : 0x64 (100) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x6c (108) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x63 (99) [163] : 0x00 (0) [164] : 0x75 (117) [165] : 0x00 (0) [166] : 0x70 (112) [167] : 0x00 (0) [168] : 0x73 (115) [169] : 0x00 (0) [170] : 0x75 (117) [171] : 0x00 (0) [172] : 0x69 (105) [173] : 0x00 (0) [174] : 0x36 (54) [175] : 0x00 (0) [176] : 0x2e (46) [177] : 0x00 (0) [178] : 0x64 (100) [179] : 0x00 (0) [180] : 0x6c (108) [181] : 0x00 (0) [182] : 0x6c (108) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) size : * size : 0x000000bc (188) length : * length : 0x000000bc (188) result : WERR_OK [2012/08/30 15:27:57.526477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct 
winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.527826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.528041, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.528189, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'Monitor' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.529268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.530749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.530945, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.531066, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0034 (52) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:57.532696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.534042, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.534249, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.534372, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0034 (52) name : * name : 'Previous Names' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.536387, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.537690, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.537885, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.538005, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0034 (52) name : * name : 'DriverDate' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x31 (49) [3] : 0x00 (0) [4] : 0x2f (47) [5] : 0x00 (0) [6] : 0x30 (48) [7] : 0x00 (0) [8] : 0x31 (49) [9] : 0x00 (0) [10] : 0x2f (47) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x31 (49) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2012/08/30 15:27:57.540519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.541836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.542051, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.542176, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001c (28) size : 0x0034 (52) name : * name : 'DriverVersion' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x2e (46) [3] : 0x00 (0) [4] : 0x30 (48) [5] : 0x00 (0) [6] : 0x2e (46) [7] : 0x00 (0) [8] : 0x30 (48) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.544455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.545771, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.545990, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.546115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001a (26) size : 0x0034 (52) name : * name : 'Manufacturer' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.547244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.548665, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.548870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.549015, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'OEM URL' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.550120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.551620, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.551837, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.551960, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0034 (52) name : * name : 'HardwareID' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.553071, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.554521, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.554716, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.554837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0034 (52) name : * name : 'Provider' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.555942, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.557307, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.557514, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.557656, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0034 (52) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.558884, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.560260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.560478, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.560600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0034 (52) name : * name : 'VendorSetup' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.561702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.563214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.563410, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.563564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0034 (52) name : * name : 'Color Profiles' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.564771, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.566089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.566446, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.566576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'InfPath' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.567697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000013 (19) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.569009, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.569220, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.569342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0030 (48) size : 0x0034 (52) name : * name : 'PrinterDriverAttributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.570811, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000014 (20) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.572186, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.572384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.572509, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0034 (52) name : * name : 'CoreDependencies' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.573717, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000015 (21) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.575076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.575294, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.575421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x002c (44) size : 0x0034 (52) name : * name : 'MinInboxDriverVerDate' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x31 (49) [3] : 0x00 (0) [4] : 0x2f (47) [5] : 0x00 (0) [6] : 0x30 (48) [7] : 0x00 (0) [8] : 0x31 (49) [9] : 0x00 (0) [10] : 0x2f (47) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x31 (49) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2012/08/30 15:27:57.577963, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000016 (22) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.579467, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.579682, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.579807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0032 (50) size : 0x0034 (52) name : * name : 'MinInboxDriverVerVersion' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x2e (46) [3] : 0x00 (0) [4] : 0x30 (48) [5] : 0x00 (0) [6] : 0x2e (46) [7] : 0x00 (0) [8] : 0x30 (48) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.581887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.582451, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.582647, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.582840, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.582961, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:57.583079, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.583623, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000056-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.584033, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.584244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.584445, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.584562, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:57.584680, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.585158, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/08/30 15:27:57.585325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 out: struct spoolss_GetPrinterDriver2 info : NULL needed : * needed : 0x000003e0 (992) server_major_version : * server_major_version : 0x00000000 (0) server_minor_version : * server_minor_version : 0x00000000 (0) result : WERR_INSUFFICIENT_BUFFER [2012/08/30 15:27:57.585979, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:57.586106, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 88 [2012/08/30 15:27:57.586236, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:57.586354, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. 
[2012/08/30 15:27:57.586478, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 E0 03 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 7A 00 00 00 z... [2012/08/30 15:27:57.587882, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2234 [2012/08/30 15:27:57.588005, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:57.588150, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2012/08/30 15:27:57.588271, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..44] (align 0) [2012/08/30 15:27:57.588389, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.588451, 5] lib/util.c:342(show_msg) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10432 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:57.590034, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [0010] 00 14 00 00 00 00 00 00 00 00 00 00 00 E0 03 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 7A 00 00 00 ........ .z... 
[2012/08/30 15:27:57.592827, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1856 [2012/08/30 15:27:57.593012, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x740 [2012/08/30 15:27:57.593132, 3] smbd/process.c:1662(process_smb) Transaction 85 of length 1860 (0 toread) [2012/08/30 15:27:57.593329, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.593399, 5] lib/util.c:342(show_msg) size=1856 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10496 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1772 (0x6EC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1772 (0x6EC) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17761 (0x4561) smb_bcc=1789 [2012/08/30 15:27:57.595220, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 EC 06 00 00 04 00 00 ........ ........ [0020] 00 D4 06 00 00 00 00 35 00 00 00 00 00 4F 00 00 .......5 .....O.. [0030] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 00 00 02 .....?P. ........ [0040] 00 0C 00 00 00 00 00 00 00 0C 00 00 00 57 00 69 ........ .....W.i [0050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 78 00 36 .n.d.o.w .s. .x.6 [0060] 00 34 00 00 00 06 00 00 00 04 00 02 00 80 06 00 .4...... ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[2012/08/30 15:27:57.598454, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.598601, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.598730, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1772 params=0 setup=2 [2012/08/30 15:27:57.598851, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:57.598967, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:57.599102, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:57.599412, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4561) [2012/08/30 15:27:57.599555, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:57.599684, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1772 [2012/08/30 15:27:57.599805, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1772 [2012/08/30 15:27:57.599922, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1772 [2012/08/30 15:27:57.600057, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 1772, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:57.600175, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:57.600291, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1756 [2012/08/30 15:27:57.600407, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1756 [2012/08/30 15:27:57.600526, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:57.600643, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1756 
[2012/08/30 15:27:57.600759, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1756, incoming data = 1756 [2012/08/30 15:27:57.600877, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:57.601003, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x06ec (1772) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000006d4 (1748) context_id : 0x0000 (0) opnum : 0x0035 (53) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1748 [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 00 00 02 00 0C 00 00 00 00 00 00 00 ........ ........ [0020] 0C 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 ....W.i. n.d.o.w. [0030] 73 00 20 00 78 00 36 00 34 00 00 00 06 00 00 00 s. .x.6. 4....... [0040] 04 00 02 00 80 06 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ 
........ [06C0] 00 00 00 00 00 00 00 00 80 06 00 00 FF FF FF FF ........ ........ [06D0] FF FF FF FF .... [2012/08/30 15:27:57.611408, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:57.611687, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:57.611812, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:57.611936, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 [2012/08/30 15:27:57.612056, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[53].fn == 0x7fd50aecc260 [2012/08/30 15:27:57.612200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 in: struct spoolss_GetPrinterDriver2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 architecture : * architecture : 'Windows x64' level : 0x00000006 (6) buffer : * buffer : DATA_BLOB length=1664 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ 
........ offered : 0x00000680 (1664) client_major_version : 0xffffffff (4294967295) client_minor_version : 0xffffffff (4294967295) [2012/08/30 15:27:57.621213, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) _spoolss_GetPrinterDriver2 [2012/08/30 15:27:57.621368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.621569, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.621763, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:57.621895, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:57.622019, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:57.622138, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:57.622290, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:57.622426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.623178, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.623313, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:57.623434, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.623575, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.623697, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.623825, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.623971, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:57.624105, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:57.624227, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.624425, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000058-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.624914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000058-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.626677, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.626890, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:57.627009, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:57.627130, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:57.627247, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:57.627366, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.627586, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:57.627726, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:57.627859, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:57.627978, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.628098, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.628220, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.628339, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.628455, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.628610, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.628742, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:57.628861, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:57.628981, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.629099, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.629217, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.629334, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.629466, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.629618, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:57.629737, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.629858, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.629974, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.630093, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.630241, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.630388, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.630509, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:57.630649, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.630768, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.630887, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.631023, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.631160, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:57.631279, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.631400, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.631564, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.631693, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.631810, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.631952, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.632089, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.632209, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.632331, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.632450, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.632587, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.632703, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.632842, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.632978, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.633099, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.633218, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.633336, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.633455, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.633575, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.633694, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.633813, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.634025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.634536, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:57.635261, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.635459, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:57.635633, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.635798, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:57.635920, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:57.636039, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:57.636159, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:57.636278, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:57.636398, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:57.636570, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:57.636714, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:57.636834, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:57.636953, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:57.637072, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:57.637191, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:57.637310, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:57.637430, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:57.637554, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:57.637674, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:57.637793, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:57.637912, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:57.638182, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.638319, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:57.639873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.641169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.641365, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.641487, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.642832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.644165, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.644360, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.644480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:57.646057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.647333, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.647557, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.647704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.649000, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.650454, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.650650, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.650770, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:57.654138, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.655428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.655650, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.655772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.657820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.659129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.659324, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.659445, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:57.662382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.663858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.664053, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.664190, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.665508, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.666843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.667041, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.667166, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:57.683265, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.684621, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.684818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.684943, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.687093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.688433, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.688646, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.688768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.690184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.691513, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.691830, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.691956, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.694571, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.695933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.696138, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.696265, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:57.707852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.709373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.709589, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.709736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.711996, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.713417, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.713623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.713752, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.715072, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.716507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.716718, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.716843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.718042, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.719733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.719930, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.720069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.721291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.722772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.722967, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.723088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.724435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.725783, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.726019, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.726141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.727684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:57.728874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.729074, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.729193, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:57.729448, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:57.729587, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:57.730274, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.731054, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.731175, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.731295, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.731429, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.731583, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.731718, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.731861, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:57.731994, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.732116, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.732312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005a-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.732813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005a-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.734482, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.734680, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:57.734799, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:57.734945, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:57.735062, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:57.735181, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.735297, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:57.735436, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:57.735606, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:57.735726, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.735846, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.735966, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.736084, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.736199, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.736333, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:57.736466, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:57.736586, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:57.736708, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.736826, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.736946, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.737063, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.737196, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:57.737328, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:57.737447, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.737570, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.737687, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.737805, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.737957, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:57.738118, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.738238, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.738359, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.738477, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.738596, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.738712, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:57.738857, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:57.738977, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:57.739116, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.739251, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.739364, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.740387, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.740527, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:57.740663, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.740807, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:57.740930, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.741049, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.741169, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.741285, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.741427, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.741563, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.741685, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:57.741822, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:57.741941, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.742060, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.742179, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.742299, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.742421, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.742648, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.743160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:57.744397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.744598, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.744718, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:57.744841, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:57.744962, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.745109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:57.745231, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:57.745351, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:57.745471, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:57.745590, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:57.745709, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:57.745828, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:57.745952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:57.746071, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:57.746190, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:57.746309, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:57.746575, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:57.746695, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:57.746813, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:57.746932, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:57.747078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:57.747198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:57.747317, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:57.747437, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.748151, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:57.749381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.749578, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:57.749697, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:57.749819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
(5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] 
: 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:57.765624, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.766061, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.766281, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.766476, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.766600, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.766721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.767200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005a-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.767641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.767854, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.768050, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.768168, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.768296, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.768777, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.769188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.769383, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.769577, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.769699, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:57.769820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.770454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000058-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.770883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.771094, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.771288, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.771405, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:57.771551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.772042, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/08/30 15:27:57.772173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.772927, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:57.773050, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:57.773170, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:57.773286, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:57.773404, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.773537, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:57.773677, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:57.773809, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 
0xf003f [2012/08/30 15:27:57.773930, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.774168, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.774663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-3f50-bdbeee0b0000 keyname: struct winreg_String name_len : 0x00b4 (180) name_size : 0x00b4 (180) name : * name : 'SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:57.776347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.776551, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/30 15:27:57.776671, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:57.776829, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/30 15:27:57.776948, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/30 15:27:57.777086, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.777204, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] [2012/08/30 15:27:57.777348, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2012/08/30 15:27:57.777482, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/30 15:27:57.777601, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:57.777725, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.777842, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.777985, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.778105, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.778241, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2012/08/30 15:27:57.778391, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/08/30 15:27:57.778511, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing 
refcount (5->6) [2012/08/30 15:27:57.778632, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.778749, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.778867, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.778984, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.779140, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] [2012/08/30 15:27:57.779274, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:57.779393, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:57.779540, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.779668, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.779786, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.779903, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.780041, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2012/08/30 15:27:57.780209, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Environments] [2012/08/30 15:27:57.780328, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:57.780449, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.780567, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.780693, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.780809, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.780944, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] [2012/08/30 15:27:57.781078, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows x64] [2012/08/30 15:27:57.781200, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:57.781322, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.781441, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.781561, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.781679, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.781819, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] [2012/08/30 15:27:57.782120, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Drivers] [2012/08/30 15:27:57.782240, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:57.782364, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.782482, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.782601, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.782718, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.782870, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] [2012/08/30 15:27:57.783006, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Version-3] [2012/08/30 15:27:57.783126, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:57.783248, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.783370, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.783491, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.783689, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.783832, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) 
regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] [2012/08/30 15:27:57.783970, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:57.784092, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:57.784224, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.784344, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.784470, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:57.784588, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.784725, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.784846, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.784983, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:57.785105, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:57.785225, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:57.785343, 10] 
registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:57.785485, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:57.785606, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:57.785725, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:57.785843, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:57.786001, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:57.786123, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.786321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 result : WERR_OK [2012/08/30 15:27:57.786838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:57.787594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.787791, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:57.787919, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.788059, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Version] len[4] [2012/08/30 15:27:57.788180, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Driver] len[26] [2012/08/30 15:27:57.788299, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Data File] len[24] [2012/08/30 15:27:57.788418, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Configuration File] len[20] [2012/08/30 15:27:57.788540, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Help File] len[24] [2012/08/30 15:27:57.788660, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Dependent Files] len[188] [2012/08/30 15:27:57.788778, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Monitor] len[0] [2012/08/30 15:27:57.788898, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Datatype] len[8] [2012/08/30 15:27:57.789016, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Previous Names] len[2] [2012/08/30 15:27:57.789136, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[DriverDate] len[22] [2012/08/30 15:27:57.789256, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: 
name[DriverVersion] len[16] [2012/08/30 15:27:57.789377, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Manufacturer] len[0] [2012/08/30 15:27:57.789497, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[OEM URL] len[0] [2012/08/30 15:27:57.789735, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[HardwareID] len[0] [2012/08/30 15:27:57.789868, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Provider] len[0] [2012/08/30 15:27:57.789988, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Print Processor] len[0] [2012/08/30 15:27:57.790106, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[VendorSetup] len[0] [2012/08/30 15:27:57.790225, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[Color Profiles] len[2] [2012/08/30 15:27:57.790344, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[18]: name[InfPath] len[0] [2012/08/30 15:27:57.790464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[19]: name[PrinterDriverAttributes] len[4] [2012/08/30 15:27:57.790602, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[20]: name[CoreDependencies] len[2] [2012/08/30 15:27:57.790722, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[21]: name[MinInboxDriverVerDate] len[22] [2012/08/30 15:27:57.790841, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[22]: name[MinInboxDriverVerVersion] len[16] [2012/08/30 15:27:57.790962, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] 
[2012/08/30 15:27:57.791102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000017 (23) max_valnamelen : * max_valnamelen : 0x00000032 (50) max_valbufsize : * max_valbufsize : 0x000000bc (188) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:57.792670, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.794124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.794326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.794453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'Version' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x03 (3) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.795805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.797111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.797307, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.797431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0034 (52) name : * name : 'Driver' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x35 (53) [15] : 0x00 (0) [16] : 0x2e (46) [17] : 0x00 (0) [18] : 0x64 (100) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:57.800101, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.801430, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.801626, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.801770, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0034 (52) name : * name : 'Data File' type : * type : REG_SZ (1) value : * value: ARRAY(24) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x2e (46) [15] : 0x00 (0) [16] : 0x70 (112) [17] : 0x00 (0) [18] : 0x70 (112) [19] : 0x00 (0) [20] : 0x64 (100) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : * size : 0x00000018 (24) length : * length : 0x00000018 (24) result : WERR_OK [2012/08/30 15:27:57.805086, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.806381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.806723, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.806845, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0026 (38) size : 0x0034 (52) name : * name : 'Configuration File' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x35 (53) [5] : 0x00 (0) [6] : 0x75 (117) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x64 (100) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x6c (108) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2012/08/30 15:27:57.809192, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.810552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.810759, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.810886, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0034 (52) name : * name : 'Help File' type : * type : REG_SZ (1) value : * value: ARRAY(24) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x2e (46) [15] : 0x00 (0) [16] : 0x68 (104) [17] : 0x00 (0) [18] : 0x6c (108) [19] : 0x00 (0) [20] : 0x70 (112) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : * size : 0x00000018 (24) length : * length : 0x00000018 (24) result : WERR_OK [2012/08/30 15:27:57.813400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.814722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.814917, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.815038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0034 (52) name : * name : 'Dependent Files' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(188) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x69 (105) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x74 (116) [13] : 0x00 (0) [14] : 0x35 (53) [15] : 0x00 (0) [16] : 0x2e (46) [17] : 0x00 (0) [18] : 0x64 (100) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x48 (72) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x5f (95) [31] : 0x00 (0) [32] : 0x34 (52) [33] : 0x00 (0) [34] : 0x35 (53) [35] : 0x00 (0) [36] : 0x31 (49) [37] : 0x00 (0) [38] : 0x35 (53) [39] : 0x00 (0) [40] : 0x2e (46) [41] : 0x00 (0) [42] : 0x70 (112) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x64 (100) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x70 (112) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x35 (53) [55] : 0x00 (0) [56] : 0x75 (117) [57] : 0x00 (0) [58] : 0x69 (105) [59] : 0x00 (0) [60] : 0x2e (46) [61] : 0x00 (0) [62] : 0x64 (100) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x6c (108) [67] : 0x00 (0) [68] : 0x00 (0) [69] : 0x00 (0) [70] : 0x70 (112) [71] : 0x00 (0) [72] : 0x73 (115) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x72 (114) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x70 (112) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2e (46) [85] : 0x00 (0) [86] : 
0x68 (104) [87] : 0x00 (0) [88] : 0x6c (108) [89] : 0x00 (0) [90] : 0x70 (112) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x70 (112) [95] : 0x00 (0) [96] : 0x73 (115) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x72 (114) [101] : 0x00 (0) [102] : 0x69 (105) [103] : 0x00 (0) [104] : 0x70 (112) [105] : 0x00 (0) [106] : 0x74 (116) [107] : 0x00 (0) [108] : 0x2e (46) [109] : 0x00 (0) [110] : 0x6e (110) [111] : 0x00 (0) [112] : 0x74 (116) [113] : 0x00 (0) [114] : 0x66 (102) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x63 (99) [119] : 0x00 (0) [120] : 0x75 (117) [121] : 0x00 (0) [122] : 0x70 (112) [123] : 0x00 (0) [124] : 0x73 (115) [125] : 0x00 (0) [126] : 0x36 (54) [127] : 0x00 (0) [128] : 0x2e (46) [129] : 0x00 (0) [130] : 0x69 (105) [131] : 0x00 (0) [132] : 0x6e (110) [133] : 0x00 (0) [134] : 0x69 (105) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x63 (99) [139] : 0x00 (0) [140] : 0x75 (117) [141] : 0x00 (0) [142] : 0x70 (112) [143] : 0x00 (0) [144] : 0x73 (115) [145] : 0x00 (0) [146] : 0x70 (112) [147] : 0x00 (0) [148] : 0x73 (115) [149] : 0x00 (0) [150] : 0x36 (54) [151] : 0x00 (0) [152] : 0x2e (46) [153] : 0x00 (0) [154] : 0x64 (100) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x6c (108) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x63 (99) [163] : 0x00 (0) [164] : 0x75 (117) [165] : 0x00 (0) [166] : 0x70 (112) [167] : 0x00 (0) [168] : 0x73 (115) [169] : 0x00 (0) [170] : 0x75 (117) [171] : 0x00 (0) [172] : 0x69 (105) [173] : 0x00 (0) [174] : 0x36 (54) [175] : 0x00 (0) [176] : 0x2e (46) [177] : 0x00 (0) [178] : 0x64 (100) [179] : 0x00 (0) [180] : 0x6c (108) [181] : 0x00 (0) [182] : 0x6c (108) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) size : * size : 0x000000bc (188) length : * length : 0x000000bc (188) result : WERR_OK [2012/08/30 15:27:57.827530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct 
winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.828845, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.829043, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.829166, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'Monitor' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.830366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.831727, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.831921, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.832060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0034 (52) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:57.833575, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.834876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.835070, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.835213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0034 (52) name : * name : 'Previous Names' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.836424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.837731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.837928, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.838052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0034 (52) name : * name : 'DriverDate' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x31 (49) [3] : 0x00 (0) [4] : 0x2f (47) [5] : 0x00 (0) [6] : 0x30 (48) [7] : 0x00 (0) [8] : 0x31 (49) [9] : 0x00 (0) [10] : 0x2f (47) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x31 (49) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2012/08/30 15:27:57.840470, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.841766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.842109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.842232, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001c (28) size : 0x0034 (52) name : * name : 'DriverVersion' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x2e (46) [3] : 0x00 (0) [4] : 0x30 (48) [5] : 0x00 (0) [6] : 0x2e (46) [7] : 0x00 (0) [8] : 0x30 (48) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.844272, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.845551, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.845746, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.845867, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001a (26) size : 0x0034 (52) name : * name : 'Manufacturer' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.846957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.848267, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.848470, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.848608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'OEM URL' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.849671, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.850973, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.851170, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.851291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0034 (52) name : * name : 'HardwareID' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.852373, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.853657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.854016, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.854139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0034 (52) name : * name : 'Provider' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.855233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.856571, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.856766, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.856893, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0034 (52) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.858027, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.859306, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.859553, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.859685, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0034 (52) name : * name : 'VendorSetup' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.860773, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.862095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.862297, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.862420, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0034 (52) name : * name : 'Color Profiles' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.864398, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.865689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.865884, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.866024, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0010 (16) size : 0x0034 (52) name : * name : 'InfPath' type : * type : REG_SZ (1) value : * value: ARRAY(0) size : * size : 0x00000000 (0) length : * length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.867260, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000013 (19) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.868580, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.868785, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.868913, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0030 (48) size : 0x0034 (52) name : * name : 'PrinterDriverAttributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:57.870238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000014 (20) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.871617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.871815, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.871941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0034 (52) name : * name : 'CoreDependencies' type : * type : REG_MULTI_SZ (7) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:57.873162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000015 (21) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.874500, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.874698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.874823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x002c (44) size : 0x0034 (52) name : * name : 'MinInboxDriverVerDate' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x31 (49) [3] : 0x00 (0) [4] : 0x2f (47) [5] : 0x00 (0) [6] : 0x30 (48) [7] : 0x00 (0) [8] : 0x31 (49) [9] : 0x00 (0) [10] : 0x2f (47) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x31 (49) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2012/08/30 15:27:57.877301, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 enum_index : 0x00000016 (22) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0034 (52) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000bc (188) length : * length : 0x00000000 (0) [2012/08/30 15:27:57.878763, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.878958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] [2012/08/30 15:27:57.879080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0032 (50) size : 0x0034 (52) name : * name : 'MinInboxDriverVerVersion' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x30 (48) [1] : 0x00 (0) [2] : 0x2e (46) [3] : 0x00 (0) [4] : 0x30 (48) [5] : 0x00 (0) [6] : 0x2e (46) [7] : 0x00 (0) [8] : 0x30 (48) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:57.881160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.881576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.881771, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.881964, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.882085, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:57.882205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.882722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.883133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.883327, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.883559, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.883688, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:57.883813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.884289, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/08/30 15:27:57.884461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 out: struct spoolss_GetPrinterDriver2 info : * info : union spoolss_DriverInfo(case 6) info6: struct spoolss_DriverInfo6 version : SPOOLSS_DRIVER_VERSION_200X (3) driver_name : * driver_name : 'HP_4515' architecture : * architecture : 'Windows x64' driver_path : * driver_path : '\\orange\print$\x64\3\pscript5.dll' data_file : * data_file : '\\orange\print$\x64\3\HP_4515.ppd' config_file : * config_file : '\\orange\print$\x64\3\ps5ui.dll' help_file : * help_file : '\\orange\print$\x64\3\pscript.hlp' dependent_files : * dependent_files: ARRAY(8) [0] : '\\orange\print$\x64\3\pscript5.dll' [1] : '\\orange\print$\x64\3\HP_4515.ppd' [2] : '\\orange\print$\x64\3\ps5ui.dll' [3] : '\\orange\print$\x64\3\pscript.hlp' [4] : '\\orange\print$\x64\3\pscript.ntf' [5] : '\\orange\print$\x64\3\cups6.ini' [6] : '\\orange\print$\x64\3\cupsps6.dll' [7] : '\\orange\print$\x64\3\cupsui6.dll' monitor_name : * monitor_name : '' default_datatype : * default_datatype : 'RAW' previous_names : NULL driver_date : NTTIME(0) driver_version : 0x0000000000000000 (0) manufacturer_name : * manufacturer_name : '' manufacturer_url : * manufacturer_url : '' hardware_id : * hardware_id : '' provider : * provider : '' 
needed : * needed : 0x000003e0 (992) server_major_version : * server_major_version : 0x00000000 (0) server_minor_version : * server_minor_version : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:57.887605, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:57.887737, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 1756 [2012/08/30 15:27:57.887875, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:57.887995, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1688. [2012/08/30 15:27:57.888120, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x06b0 (1712) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000698 (1688) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1688
[2012/08/30 15:27:57.897635, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes.
There is more data outstanding [2012/08/30 15:27:57.897765, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:57.897884, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:57.898012, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:57.898132, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.898193, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10496 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:57.899554, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:57.903364, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:57.903562, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:57.903692, 3] smbd/process.c:1662(process_smb) Transaction 86 of length 63 (0 toread) [2012/08/30 15:27:57.903810, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.903872, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10560 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17761 (0x4561) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 688 (0x2B0) smb_vwv[ 6]= 688 (0x2B0) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 688 (0x2B0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:57.905351, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:57.905416, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.905535, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.905657, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 688 [2012/08/30 15:27:57.905782, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 1712, current_pdu_sent = 1024 returning 688 bytes. [2012/08/30 15:27:57.905939, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2234 [2012/08/30 15:27:57.906064, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:57.906196, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 688 bytes. 
There is more data outstanding [2012/08/30 15:27:57.906316, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=688 max=688 nread=688 [2012/08/30 15:27:57.912535, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:57.912736, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:57.912857, 3] smbd/process.c:1662(process_smb) Transaction 87 of length 132 (0 toread) [2012/08/30 15:27:57.912976, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.913038, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10624 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1712 (0x6B0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17761 (0x4561) smb_bcc=61 [2012/08/30 15:27:57.914902, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 4F 00 00 ........ .....O.. [0030] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:57.915246, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.915367, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.915494, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:57.915640, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:57.915776, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:57.915897, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:57.916018, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4561) [2012/08/30 15:27:57.916138, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1712 [2012/08/30 15:27:57.916258, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:57.916376, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:57.916496, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:57.916614, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:57.916733, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:57.916851, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:57.916986, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:57.917105, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:57.917223, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:57.917340, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:57.917459, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:57.917583, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.920507, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:57.920636, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:57.920757, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:57.921029, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:57.921151, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:57.921302, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 [2012/08/30 15:27:57.921723, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.921922, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:57.922117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:57.922382, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:57.922530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:57.923012, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:57.923143, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:57.923280, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1712 [2012/08/30 15:27:57.923400, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:57.923581, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:57.925061, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:57.925201, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:57.925325, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:57.925444, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.925506, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=10624 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:57.927003, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:57.937201, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:57.937426, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:57.937547, 3] smbd/process.c:1662(process_smb) Transaction 88 of length 45 (0 toread) [2012/08/30 15:27:57.937664, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.937726, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10688 smt_wct=3 smb_vwv[ 0]=17761 (0x4561) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:57.938856, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:57.938922, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:57.939041, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.939160, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17761 (numopen=2) 
[2012/08/30 15:27:57.939295, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:57.939435, 5] smbd/files.c:482(file_free) freed files structure 17761 (1 used) [2012/08/30 15:27:57.939711, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.939774, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10688 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:57.940543, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:57.948258, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 120 [2012/08/30 15:27:57.948458, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/08/30 15:27:57.948579, 3] smbd/process.c:1662(process_smb) Transaction 89 of length 124 (0 toread) [2012/08/30 15:27:57.948733, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.948805, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10752 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/08/30 15:27:57.951810, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d [0030] 00 6C 00 6C 00 00 00 .l.l... 
[2012/08/30 15:27:57.952161, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:57.952288, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:57.952408, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:57.954933, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 
supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:57.955367, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:57.955489, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/lib/samba/printers [2012/08/30 15:27:57.955623, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:57.955750, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:57.955873, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] [2012/08/30 15:27:57.955998, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:57.956125, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:57.956243, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:57.956364, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript5.dll [2012/08/30 15:27:57.956482, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:57.956606, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:57.956733, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:57.956850, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:57.956979, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:57.957488, 4] 
smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript5.dll, attr = 22 [2012/08/30 15:27:57.957620, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:57.957751, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c02d410 now at offset -1 [2012/08/30 15:27:57.957872, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:57.957991, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:57.958109, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:57.958299, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:57.958418, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) [2012/08/30 15:27:57.958615, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:57.958737, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:57.958863, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:57.958983, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:57.959112, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/08/30 15:27:57.959236, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/08/30 15:27:57.959355, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.959417, 5] lib/util.c:342(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10752 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) 
smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/08/30 15:27:57.960814, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l [0080] 00 6C 00 00 00 .l... [2012/08/30 15:27:57.961952, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:57.965524, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 120 [2012/08/30 15:27:57.965710, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/08/30 15:27:57.965829, 3] smbd/process.c:1662(process_smb) Transaction 90 of length 124 (0 toread) [2012/08/30 15:27:57.965956, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.966018, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10816 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/08/30 15:27:57.967845, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 
56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d [0030] 00 6C 00 6C 00 00 00 .l.l... [2012/08/30 15:27:57.968180, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:57.968300, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.968424, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:57.968584, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:57.968707, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] [2012/08/30 15:27:57.968836, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:57.968966, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:57.969238, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:57.969359, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript5.dll [2012/08/30 15:27:57.969477, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:57.969631, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:57.969755, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:57.969872, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to 
/var/lib/samba/printers/x64/3 [2012/08/30 15:27:57.970003, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:57.970120, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript5.dll, attr = 22 [2012/08/30 15:27:57.970246, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:57.970374, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c012c20 now at offset -1 [2012/08/30 15:27:57.970493, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:57.970676, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:57.970794, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:57.970926, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:57.971064, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) [2012/08/30 15:27:57.971187, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:57.971329, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:57.971470, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:57.971693, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:57.971820, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/08/30 15:27:57.971939, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/08/30 15:27:57.972073, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.972134, 5] lib/util.c:342(show_msg) size=188 
smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10816 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/08/30 15:27:57.973485, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l [0080] 00 6C 00 00 00 .l... 
[2012/08/30 15:27:57.974464, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:57.976703, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 120 [2012/08/30 15:27:57.976871, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/08/30 15:27:57.976990, 3] smbd/process.c:1662(process_smb) Transaction 91 of length 124 (0 toread) [2012/08/30 15:27:57.977108, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.977170, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10880 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/08/30 15:27:57.979062, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d [0030] 00 6C 00 6C 00 00 00 .l.l... 
[2012/08/30 15:27:57.979403, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:57.979562, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.979697, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:57.979824, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:57.979974, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] [2012/08/30 15:27:57.980100, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:57.980229, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:57.980346, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:57.980465, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript5.dll [2012/08/30 15:27:57.980584, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:57.980700, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:57.980842, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:57.980959, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:57.981087, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:57.981280, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript5.dll, 
attr = 22 [2012/08/30 15:27:57.981407, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:57.981538, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 [2012/08/30 15:27:57.981659, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:57.981779, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:57.981899, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:57.982052, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:57.982179, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) [2012/08/30 15:27:57.982306, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:57.982442, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:57.982563, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:57.982680, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:57.982806, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/08/30 15:27:57.982924, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/08/30 15:27:57.983042, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.983104, 5] lib/util.c:342(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10880 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 
(0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/08/30 15:27:57.984492, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l [0080] 00 6C 00 00 00 .l... [2012/08/30 15:27:57.985380, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:57.987395, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 124 [2012/08/30 15:27:57.987638, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7c [2012/08/30 15:27:57.987758, 3] smbd/process.c:1662(process_smb) Transaction 92 of length 128 (0 toread) [2012/08/30 15:27:57.987876, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.987937, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=10944 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 
(0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/08/30 15:27:57.990751, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 35 00 2E .s.c.r.i .p.t.5.. [0020] 00 64 00 6C 00 6C 00 00 00 .d.l.l.. . [2012/08/30 15:27:57.991023, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:57.991146, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:57.991334, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/pscript5.dll [2012/08/30 15:27:57.991487, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:57.991617, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] [2012/08/30 15:27:57.991743, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:57.991875, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:57.991995, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:57.992116, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll [2012/08/30 15:27:57.992310, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 
file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll [2012/08/30 15:27:57.992478, 5] smbd/files.c:140(file_new) allocated file structure 13666, fnum = 17762 (2 used) [2012/08/30 15:27:57.992601, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript5.dll hash 0xdec2eda5 [2012/08/30 15:27:57.992754, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript5.dll) returning 0744 [2012/08/30 15:27:57.992930, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript5.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:57.993080, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:57.993199, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:57.994317, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:57.994446, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript5.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:57.994623, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:57.994810, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d7a0 [2012/08/30 15:27:57.994933, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba5:0 [2012/08/30 15:27:57.995077, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:57.995208, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:57.995329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d9e0 [2012/08/30 15:27:57.995472, 10] 
smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript5.dll [2012/08/30 15:27:57.995623, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:57.995755, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/pscript5.dll, flags = 00 mode = 0744, fd = 36. [2012/08/30 15:27:57.995874, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) [2012/08/30 15:27:57.996028, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153908 [2012/08/30 15:27:57.996237, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript5.dll, 801:23ba5:0/1302153908, tv_sec = 503fbebd, tv_usec = f24dc [2012/08/30 15:27:57.996405, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:57.996565, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:57.996696, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:57.996823, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:57.996942, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:57.997061, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:57.997183, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:57.997304, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a 
[2012/08/30 15:27:57.997428, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:57.997563, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:57.997699, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript5.dll [2012/08/30 15:27:57.997982, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17762, open name = x64/3/pscript5.dll [2012/08/30 15:27:57.998667, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:57.998829, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:57.998949, 3] smbd/process.c:1662(process_smb) Transaction 93 of length 76 (0 toread) [2012/08/30 15:27:57.999066, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:57.999127, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11008 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.000809, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 62 45 EE 03 ...bE.. 
[2012/08/30 15:27:58.000940, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.001077, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.001201, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:58.001331, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.001467, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.001587, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 15:27:58.001706, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17762) level=1006 call=7 total_data=0 [2012/08/30 15:27:58.001825, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17762) level=1006 max_data=8 [2012/08/30 15:27:58.001982, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.002101, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.002222, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.002348, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:58.002468, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:58.002588, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, 
datasize = 8 [2012/08/30 15:27:58.002705, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.002766, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11008 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:58.004148, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 A5 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:58.005756, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.005960, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.006081, 3] smbd/process.c:1662(process_smb) Transaction 94 of length 63 (0 toread) [2012/08/30 15:27:58.006204, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.006266, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11072 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17762 (0x4562) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.007922, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.007991, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.008111, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.008250, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.008379, 10] locking/locking.c:163(strict_lock_default) 
strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17762 file x64/3/pscript5.dll [2012/08/30 15:27:58.008666, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:58.008790, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17762 max=4096 nread=4096 [2012/08/30 15:27:58.016036, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.016234, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.016354, 3] smbd/process.c:1662(process_smb) Transaction 95 of length 45 (0 toread) [2012/08/30 15:27:58.016542, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.016605, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11136 smt_wct=3 smb_vwv[ 0]=17762 (0x4562) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.017578, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.017643, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.017773, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.017893, 3] smbd/reply.c:4848(reply_close) close fd=36 fnum=17762 (numopen=1) [2012/08/30 15:27:58.018011, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.018222, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153908 has kernel oplock state of 1. 
[2012/08/30 15:27:58.018364, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:58.018510, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04ae20 [2012/08/30 15:27:58.018627, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.018764, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.019022, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 15:27:58.019154, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:58.019328, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript5.dll = 0 [2012/08/30 15:27:58.019448, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript5.dll [2012/08/30 15:27:58.019751, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript5.dll (numopen=0) NT_STATUS_OK [2012/08/30 15:27:58.019872, 5] smbd/files.c:482(file_free) freed files structure 17762 (1 used) [2012/08/30 15:27:58.019992, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.020054, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11136 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.020831, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.021832, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 124 [2012/08/30 15:27:58.021979, 6] smbd/process.c:1660(process_smb) got message type 0x0 
of len 0x7c [2012/08/30 15:27:58.022097, 3] smbd/process.c:1662(process_smb) Transaction 96 of length 128 (0 toread) [2012/08/30 15:27:58.022215, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.022276, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11200 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/08/30 15:27:58.025538, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 35 00 2E .s.c.r.i .p.t.5.. [0020] 00 64 00 6C 00 6C 00 00 00 .d.l.l.. . 
[2012/08/30 15:27:58.025816, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.025937, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.026062, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/pscript5.dll [2012/08/30 15:27:58.026190, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:58.026313, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] [2012/08/30 15:27:58.026475, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.026621, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:58.026743, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:58.026863, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll [2012/08/30 15:27:58.026998, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll [2012/08/30 15:27:58.027124, 5] smbd/files.c:140(file_new) allocated file structure 13667, fnum = 17763 (2 used) [2012/08/30 15:27:58.027246, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript5.dll hash 0xdec2eda5 [2012/08/30 15:27:58.027360, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript5.dll) returning 0744 [2012/08/30 15:27:58.027631, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript5.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.027760, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.027879, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.027997, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.028116, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript5.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:58.028245, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:58.028374, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d7a0 [2012/08/30 15:27:58.028492, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba5:0 [2012/08/30 15:27:58.028612, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:58.028765, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:58.028887, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d9e0 [2012/08/30 15:27:58.029006, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript5.dll [2012/08/30 15:27:58.029127, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.029254, 10] smbd/open.c:189(fd_open) fd_open: name 
x64/3/pscript5.dll, flags = 00 mode = 0744, fd = 36. [2012/08/30 15:27:58.029373, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) [2012/08/30 15:27:58.029508, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153909 [2012/08/30 15:27:58.029635, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript5.dll, 801:23ba5:0/1302153909, tv_sec = 503fbebe, tv_usec = 69f2 [2012/08/30 15:27:58.029759, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.029913, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2bc0, type= 0x3, gen_id = 1302153909, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.030036, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:58.030162, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.030280, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.030407, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.030532, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.030652, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.030775, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.030910, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 
0x0, access_mask = 0x20089, mid = 0x2bc0, type= 0x3, gen_id = 1302153909, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.031036, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript5.dll [2012/08/30 15:27:58.031171, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17763, open name = x64/3/pscript5.dll [2012/08/30 15:27:58.032936, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.033093, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.033238, 3] smbd/process.c:1662(process_smb) Transaction 97 of length 45 (0 toread) [2012/08/30 15:27:58.033364, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.033426, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11264 smt_wct=3 smb_vwv[ 0]=17763 (0x4563) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.034545, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.034619, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.034739, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.034859, 3] smbd/reply.c:4848(reply_close) close fd=36 fnum=17763 (numopen=1) [2012/08/30 15:27:58.034977, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.035112, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153909 has kernel oplock state of 1. 
[2012/08/30 15:27:58.035279, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:58.035404, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04ae20 [2012/08/30 15:27:58.035558, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.035704, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2bc0, type= 0x3, gen_id = 1302153909, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.035825, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 15:27:58.035946, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:58.036076, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript5.dll = 0 [2012/08/30 15:27:58.036195, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript5.dll [2012/08/30 15:27:58.036319, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript5.dll (numopen=0) NT_STATUS_OK [2012/08/30 15:27:58.036438, 5] smbd/files.c:482(file_free) freed files structure 17763 (1 used) [2012/08/30 15:27:58.036558, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.036620, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11264 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.037436, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.038475, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 124 [2012/08/30 15:27:58.038652, 6] smbd/process.c:1660(process_smb) got message type 0x0 
of len 0x7c [2012/08/30 15:27:58.038778, 3] smbd/process.c:1662(process_smb) Transaction 98 of length 128 (0 toread) [2012/08/30 15:27:58.038897, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.038958, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11328 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/08/30 15:27:58.042514, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 35 00 2E .s.c.r.i .p.t.5.. [0020] 00 64 00 6C 00 6C 00 00 00 .d.l.l.. . 
[2012/08/30 15:27:58.042800, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.042920, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.043044, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/pscript5.dll [2012/08/30 15:27:58.043187, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/08/30 15:27:58.043310, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] [2012/08/30 15:27:58.043435, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.043635, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] [2012/08/30 15:27:58.043753, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll [2012/08/30 15:27:58.043873, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll [2012/08/30 15:27:58.043997, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll [2012/08/30 15:27:58.044123, 5] smbd/files.c:140(file_new) allocated file structure 13668, fnum = 17764 (2 used) [2012/08/30 
15:27:58.044265, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript5.dll hash 0xdec2eda5 [2012/08/30 15:27:58.044385, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript5.dll) returning 0744 [2012/08/30 15:27:58.044506, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript5.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.044636, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.044755, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.044874, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.045011, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript5.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:58.045136, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:58.045264, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d7a0 [2012/08/30 15:27:58.045383, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba5:0 [2012/08/30 15:27:58.045503, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:58.045634, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:27:58.045758, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d9e0 [2012/08/30 15:27:58.045877, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript5.dll [2012/08/30 15:27:58.045995, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.046123, 10] smbd/open.c:189(fd_open) 
fd_open: name x64/3/pscript5.dll, flags = 00 mode = 0744, fd = 36. [2012/08/30 15:27:58.046396, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) [2012/08/30 15:27:58.046519, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153910 [2012/08/30 15:27:58.046643, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript5.dll, 801:23ba5:0/1302153910, tv_sec = 503fbebe, tv_usec = ac5a [2012/08/30 15:27:58.046767, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.046902, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.047026, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:27:58.047155, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.047273, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.047394, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.047565, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.047694, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.047817, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.047952, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, 
private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.048081, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript5.dll [2012/08/30 15:27:58.048216, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17764, open name = x64/3/pscript5.dll [2012/08/30 15:27:58.049300, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:58.049454, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:58.049578, 3] smbd/process.c:1662(process_smb) Transaction 99 of length 90 (0 toread) [2012/08/30 15:27:58.049696, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.049758, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11392 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17764 (0x4564) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:58.051950, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:58.052079, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.052199, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.052345, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:58.052467, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:58.052602, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 64 45 01 00 ....dE.. [2012/08/30 15:27:58.052772, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x4564] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:58.052892, 2] smbd/nttrans.c:2440(smb_fsctl) smb_fsctl (0x1401c4): Currently not implemented. [2012/08/30 15:27:58.053011, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:58.053145, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.053207, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11392 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.053993, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.054200, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:58.054333, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:58.054451, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:58.054759, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:58.054910, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 
[2012/08/30 15:27:58.055032, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.055149, 3] smbd/process.c:1662(process_smb) Transaction 100 of length 76 (0 toread) [2012/08/30 15:27:58.055267, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.055328, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11456 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.057626, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 64 45 ED 03 ...dE.. [2012/08/30 15:27:58.057756, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.057896, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:58.058016, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: 
SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:58.060739, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:58.061162, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:58.061286, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:58.061420, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.061557, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.061694, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 15:27:58.061813, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) 
level=1005 call=7 total_data=0 [2012/08/30 15:27:58.061933, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1005 max_data=24 [2012/08/30 15:27:58.062052, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.062201, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.062326, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.062451, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 15:27:58.062570, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:58.062690, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:58.062807, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.062869, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11456 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:58.064259, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 48 08 ........ ......H. [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
[2012/08/30 15:27:58.064900, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.065032, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.065151, 3] smbd/process.c:1662(process_smb) Transaction 101 of length 76 (0 toread) [2012/08/30 15:27:58.065270, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.065344, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11520 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.067043, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 64 45 EC 03 ...dE.. [2012/08/30 15:27:58.067173, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.067292, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.067413, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.067552, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.067699, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.067818, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 
15:27:58.067953, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.068073, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1004 max_data=40 [2012/08/30 15:27:58.068192, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.068327, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.068445, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.068574, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.068692, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:58.069065, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.069189, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.069309, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.069370, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11520 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.070863, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. [0010] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:58.071693, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.071826, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.071944, 3] smbd/process.c:1662(process_smb) Transaction 102 of length 76 (0 toread) [2012/08/30 15:27:58.072065, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.072126, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11584 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.073767, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 64 45 FE 03 ...dE.. [2012/08/30 15:27:58.073902, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.074050, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.074177, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:58.074309, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.074465, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.074586, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 
[2012/08/30 15:27:58.074705, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1022 call=7 total_data=0 [2012/08/30 15:27:58.074825, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1022 max_data=4094 [2012/08/30 15:27:58.074943, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.075072, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.075192, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.075314, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:58.075437, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:58.075617, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:58.075735, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.075796, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11584 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:58.077143, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 48 08 ........ ......H. [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:58.077836, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.077979, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.078101, 3] smbd/process.c:1662(process_smb) Transaction 103 of length 76 (0 toread) [2012/08/30 15:27:58.078219, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.078280, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11648 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.079942, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 64 45 EC 03 ...dE.. [2012/08/30 15:27:58.080072, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.080190, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.080327, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.080457, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.080609, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:27:58.080730, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 
15:27:58.080848, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.080968, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1004 max_data=40 [2012/08/30 15:27:58.081105, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/08/30 15:27:58.081224, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.081350, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.081472, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.081590, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:58.082113, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.082231, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.082349, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.082410, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11648 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.083782, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. [0010] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:58.085662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:58.085869, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:58.085989, 3] smbd/process.c:1662(process_smb) Transaction 104 of length 74 (0 toread) [2012/08/30 15:27:58.086107, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.086168, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11712 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:58.089153, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:58.089292, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.089411, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.089533, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:58.089720, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:58.089874, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:58.090086, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:58.090205, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.090267, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=11712 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:58.091670, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:58.091964, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:58.093240, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.093554, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.093777, 3] smbd/process.c:1662(process_smb) Transaction 105 of length 63 (0 toread) [2012/08/30 15:27:58.093996, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.094067, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11776 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.097005, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.097082, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.097282, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.097409, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.097531, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.097681, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 0, size = 32768, returned 32768 [2012/08/30 15:27:58.097802, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.098087, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.098212, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.098537, 3] smbd/process.c:1662(process_smb) Transaction 106 of length 63 (0 toread) [2012/08/30 15:27:58.098806, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.099138, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11841 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.100800, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.100865, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.100984, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.101106, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.101224, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=32768 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.101389, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 32768, size = 32768, returned 32768 [2012/08/30 15:27:58.101511, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.101758, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.102058, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.102276, 3] smbd/process.c:1662(process_smb) Transaction 107 of length 63 (0 toread) [2012/08/30 15:27:58.102403, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.102465, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11906 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.103949, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.104014, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.104134, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.104261, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.104379, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.104522, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 65536, size = 32768, returned 32768 [2012/08/30 15:27:58.104643, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.104897, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.105025, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.106742, 3] smbd/process.c:1662(process_smb) Transaction 108 of 
length 63 (0 toread) [2012/08/30 15:27:58.106894, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.106956, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11971 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.108526, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.108608, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.108728, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.108852, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.108973, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=98304 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.109118, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 98304, size = 32768, returned 32768 [2012/08/30 15:27:58.109240, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.109499, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.109625, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.109880, 3] smbd/process.c:1662(process_smb) Transaction 109 of length 63 (0 toread) [2012/08/30 15:27:58.110086, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.110149, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 
smb_mid=12036 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 2 (0x2) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.111726, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.111790, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.111911, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.112034, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.112164, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.112392, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 131072, size = 32768, returned 32768 [2012/08/30 15:27:58.112517, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.112763, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.112897, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.113171, 3] smbd/process.c:1662(process_smb) Transaction 110 of length 63 (0 toread) [2012/08/30 15:27:58.113388, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.113451, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12101 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 2 (0x2) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.114998, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.115078, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.115196, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.115319, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.115440, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=163840 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.115640, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 163840, size = 32768, returned 32768 [2012/08/30 15:27:58.115781, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.116047, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.116173, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.116452, 3] smbd/process.c:1662(process_smb) Transaction 111 of length 63 (0 toread) [2012/08/30 15:27:58.116670, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.116735, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12166 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 3 (0x3) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.118397, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.118462, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 
0x7fd50c011730 [2012/08/30 15:27:58.118627, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.118901, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.119024, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=196608 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.119169, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 196608, size = 32768, returned 32768 [2012/08/30 15:27:58.119310, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.119601, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.119753, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.119874, 3] smbd/process.c:1662(process_smb) Transaction 112 of length 63 (0 toread) [2012/08/30 15:27:58.119993, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.120057, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12231 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 3 (0x3) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.122377, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.122457, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.122578, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.122708, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file 
x64/3/pscript5.dll [2012/08/30 15:27:58.122830, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=229376 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.122986, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 229376, size = 32768, returned 32768 [2012/08/30 15:27:58.123134, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.123687, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.123859, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.123981, 3] smbd/process.c:1662(process_smb) Transaction 113 of length 63 (0 toread) [2012/08/30 15:27:58.124100, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.124165, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12296 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 4 (0x4) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.125749, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.125817, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.126065, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.126200, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.126332, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=262144 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.126481, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 262144, size = 32768, returned 32768 [2012/08/30 15:27:58.126620, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.126774, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.126895, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.127016, 3] smbd/process.c:1662(process_smb) Transaction 114 of length 63 (0 toread) [2012/08/30 15:27:58.127136, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.127197, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12361 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 4 (0x4) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.130707, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.130782, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.130974, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.131108, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.131227, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=294912 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.131390, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 294912, size = 32768, returned 32768 [2012/08/30 15:27:58.131561, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.133392, 
10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.133541, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.133664, 3] smbd/process.c:1662(process_smb) Transaction 115 of length 63 (0 toread) [2012/08/30 15:27:58.133782, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.133843, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12426 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 5 (0x5) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.135580, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.135647, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.135766, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.135905, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.136035, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=327680 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.136188, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 327680, size = 32768, returned 32768 [2012/08/30 15:27:58.136314, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.137737, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.137881, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.138014, 3] smbd/process.c:1662(process_smb) Transaction 116 
of length 63 (0 toread) [2012/08/30 15:27:58.138132, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.138197, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12491 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 5 (0x5) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.140034, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.140110, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.140240, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.140369, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.140490, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=360448 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.140651, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 360448, size = 32768, returned 32768 [2012/08/30 15:27:58.140775, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.141994, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.142225, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.142348, 3] smbd/process.c:1662(process_smb) Transaction 117 of length 63 (0 toread) [2012/08/30 15:27:58.142467, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.142669, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 
smb_mid=12556 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.144266, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.144330, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.144451, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.144573, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.144707, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=393216 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.144849, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 393216, size = 32768, returned 32768 [2012/08/30 15:27:58.144974, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.145230, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.145357, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.145476, 3] smbd/process.c:1662(process_smb) Transaction 118 of length 63 (0 toread) [2012/08/30 15:27:58.145735, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.145813, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12621 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.147727, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.147795, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.147916, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.148044, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.148163, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=425984 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.148307, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 425984, size = 32768, returned 32768 [2012/08/30 15:27:58.148429, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.148701, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.148824, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.148960, 3] smbd/process.c:1662(process_smb) Transaction 119 of length 63 (0 toread) [2012/08/30 15:27:58.149222, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.149379, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12686 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 7 (0x7) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.150970, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.151045, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 
0x7fd50c011730 [2012/08/30 15:27:58.151172, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.151295, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.151413, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=458752 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.151557, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 458752, size = 32768, returned 32768 [2012/08/30 15:27:58.151706, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.152046, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.152179, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.152404, 3] smbd/process.c:1662(process_smb) Transaction 120 of length 63 (0 toread) [2012/08/30 15:27:58.152540, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.152602, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12751 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 7 (0x7) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.154258, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.154321, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.154456, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.154581, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file 
x64/3/pscript5.dll [2012/08/30 15:27:58.154698, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=491520 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.154852, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 491520, size = 32768, returned 32768 [2012/08/30 15:27:58.154975, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=32768 nread=32768 [2012/08/30 15:27:58.155303, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.155441, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.155711, 3] smbd/process.c:1662(process_smb) Transaction 121 of length 63 (0 toread) [2012/08/30 15:27:58.155832, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.155894, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=12800 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17764 (0x4564) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=18432 (0x4800) smb_vwv[ 6]=18432 (0x4800) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=18432 (0x4800) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.157408, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.157474, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.157609, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.157774, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll [2012/08/30 15:27:58.157900, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=524288 len=18432 unlocked for fnum 17764 file x64/3/pscript5.dll [2012/08/30 15:27:58.158076, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/pscript5.dll): pos = 524288, size = 18432, returned 18432 [2012/08/30 15:27:58.158215, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17764 max=18432 nread=18432 [2012/08/30 15:27:58.161224, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.161414, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.161553, 3] smbd/process.c:1662(process_smb) Transaction 122 of length 122 (0 toread) [2012/08/30 15:27:58.161688, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.161750, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=12864 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:58.163454, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 00 50 .x.6.4.\ .3.\.H.P [0020] 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 ._.4.5.1 .5...p.p [0030] 00 64 00 00 00 .d... 
[2012/08/30 15:27:58.163857, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.163979, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.164103, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.164249, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/HP_4515.ppd" [2012/08/30 15:27:58.164372, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/HP_4515.PPD] [2012/08/30 15:27:58.164509, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:58.164634, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/HP_4515.ppd, dirpath = x64/3, start = HP_4515.ppd [2012/08/30 15:27:58.164758, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c04aeb0:size 11) X64/3/HP_4515.PPD -> x64/3/HP_4515.ppd [2012/08/30 15:27:58.164878, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/HP_4515.ppd -> x64/3/HP_4515.ppd [2012/08/30 15:27:58.164996, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] [2012/08/30 15:27:58.165132, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] [2012/08/30 15:27:58.165254, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd [2012/08/30 15:27:58.165374, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = HP_4515.ppd [2012/08/30 15:27:58.165496, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.165763, 3] smbd/vfs.c:905(check_reduced_name) 
check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.165889, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.166007, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.166140, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.166271, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = HP_4515.ppd, attr = 22 [2012/08/30 15:27:58.166394, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.166544, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c016340 now at offset -1 [2012/08/30 15:27:58.166682, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.166803, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.166925, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.167081, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.167202, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[HP_4515.ppd] found x64/3/HP_4515.ppd fname=HP_4515.ppd (HP_4515.ppd) [2012/08/30 15:27:58.167352, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.167471, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.168393, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.168515, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.168649, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, 
useable_space = 131010 [2012/08/30 15:27:58.168772, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:58.168892, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.168953, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=12864 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:58.170423, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ [0020] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. [0030] CB E3 86 CD 01 2A 4F 00 00 00 00 00 00 00 00 10 .....*O. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 48 00 50 00 5F ........ ...H.P._ [0070] 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 00 64 .4.5.1.5 ...p.p.d [0080] 00 . 
[2012/08/30 15:27:58.171275, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=HP_4515.ppd directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.173986, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.174160, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.174283, 3] smbd/process.c:1662(process_smb) Transaction 123 of length 122 (0 toread) [2012/08/30 15:27:58.174417, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.174557, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=12928 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:58.176664, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 00 50 .x.6.4.\ .3.\.H.P [0020] 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 ._.4.5.1 .5...p.p [0030] 00 64 00 00 00 .d... 
[2012/08/30 15:27:58.177053, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.177173, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.177301, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.177450, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/HP_4515.ppd" [2012/08/30 15:27:58.177574, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] [2012/08/30 15:27:58.177715, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] [2012/08/30 15:27:58.177828, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] [2012/08/30 15:27:58.178020, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd [2012/08/30 15:27:58.178150, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = HP_4515.ppd [2012/08/30 15:27:58.178427, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.178547, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.178679, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.178801, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.178932, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.179070, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = HP_4515.ppd, attr = 22 
[2012/08/30 15:27:58.179190, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.179325, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c02d410 now at offset -1 [2012/08/30 15:27:58.179451, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.179627, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.179749, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.179901, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.180061, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[HP_4515.ppd] found x64/3/HP_4515.ppd fname=HP_4515.ppd (HP_4515.ppd) [2012/08/30 15:27:58.180194, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.180314, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.180435, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.180595, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.180726, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/08/30 15:27:58.180846, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:58.180966, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.181027, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=12928 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:58.182534, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ [0020] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. [0030] CB E3 86 CD 01 2A 4F 00 00 00 00 00 00 00 00 10 .....*O. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 48 00 50 00 5F ........ ...H.P._ [0070] 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 00 64 .4.5.1.5 ...p.p.d [0080] 00 . [2012/08/30 15:27:58.183418, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=HP_4515.ppd directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.184627, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.184781, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/08/30 15:27:58.184901, 3] smbd/process.c:1662(process_smb) Transaction 124 of length 126 (0 toread) [2012/08/30 15:27:58.185052, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.185122, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=12992 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) 
smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.187419, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 .\.x.6.4 .\.3.\.H [0010] 00 50 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 .P._.4.5 .1.5...p [0020] 00 70 00 64 00 00 00 .p.d... [2012/08/30 15:27:58.187783, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.187920, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.188052, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.188177, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/HP_4515.ppd" [2012/08/30 15:27:58.188317, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] [2012/08/30 15:27:58.188445, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] [2012/08/30 15:27:58.188576, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] [2012/08/30 15:27:58.188710, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd [2012/08/30 15:27:58.188828, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.188968, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, 
create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.189112, 5] smbd/files.c:140(file_new) allocated file structure 13669, fnum = 17765 (3 used) [2012/08/30 15:27:58.189236, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/HP_4515.ppd hash 0xcfec0173 [2012/08/30 15:27:58.189361, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/HP_4515.ppd) returning 0744 [2012/08/30 15:27:58.189480, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/HP_4515.ppd, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.189613, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.189734, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.189853, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.189975, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/HP_4515.ppd, after mapping access_mask=0x20089 [2012/08/30 15:27:58.190234, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.190392, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04b390 [2012/08/30 15:27:58.190514, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba6:0 [2012/08/30 15:27:58.190651, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.190799, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.190921, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04b5d0 [2012/08/30 15:27:58.191056, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 
on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.191177, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.191320, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/HP_4515.ppd, flags = 00 mode = 0744, fd = 37. [2012/08/30 15:27:58.191441, 2] smbd/open.c:704(open_file) administrator opened file x64/3/HP_4515.ppd read=Yes write=No (numopen=2) [2012/08/30 15:27:58.191628, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153911 [2012/08/30 15:27:58.191757, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/HP_4515.ppd, 801:23ba6:0/1302153911, tv_sec = 503fbebe, tv_usec = 2e2b6 [2012/08/30 15:27:58.191883, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.192021, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.192149, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.192277, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.192394, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.192515, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.192633, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.192753, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.192876, 10] locking/locking.c:663(parse_share_modes) 
parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.193013, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.193159, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.193279, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17765, open name = x64/3/HP_4515.ppd [2012/08/30 15:27:58.193898, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.194092, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.194215, 3] smbd/process.c:1662(process_smb) Transaction 125 of length 76 (0 toread) [2012/08/30 15:27:58.194333, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.194394, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13056 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.196149, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 65 45 EE 03 ...eE.. 
[2012/08/30 15:27:58.196278, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.196400, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.196536, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:58.196667, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.196822, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.196941, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 15:27:58.197076, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17765) level=1006 call=7 total_data=0 [2012/08/30 15:27:58.197199, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17765) level=1006 max_data=8 [2012/08/30 15:27:58.197318, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.197452, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.197586, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.197725, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:58.197846, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:58.197985, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, 
datasize = 8 [2012/08/30 15:27:58.198120, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.198182, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13056 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:58.199638, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 A6 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:58.200844, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.200999, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.201124, 3] smbd/process.c:1662(process_smb) Transaction 126 of length 63 (0 toread) [2012/08/30 15:27:58.201254, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.201316, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13120 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17765 (0x4565) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.202968, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.203033, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.203155, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.203278, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.203397, 10] locking/locking.c:163(strict_lock_default) 
strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17765 file x64/3/HP_4515.ppd [2012/08/30 15:27:58.203556, 10] smbd/fileio.c:109(read_file) read_file (x64/3/HP_4515.ppd): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:58.203687, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17765 max=4096 nread=4096 [2012/08/30 15:27:58.206554, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.206761, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.206919, 3] smbd/process.c:1662(process_smb) Transaction 127 of length 45 (0 toread) [2012/08/30 15:27:58.207066, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.207141, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13184 smt_wct=3 smb_vwv[ 0]=17765 (0x4565) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.208389, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.208468, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.208627, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.208787, 3] smbd/reply.c:4848(reply_close) close fd=37 fnum=17765 (numopen=2) [2012/08/30 15:27:58.208930, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.209095, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153911 has kernel oplock state of 1. 
[2012/08/30 15:27:58.209264, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.209429, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04ce90 [2012/08/30 15:27:58.209576, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.209742, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.210270, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 15:27:58.210440, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.210597, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/HP_4515.ppd = 0 [2012/08/30 15:27:58.210755, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/HP_4515.ppd [2012/08/30 15:27:58.210904, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/HP_4515.ppd (numopen=1) NT_STATUS_OK [2012/08/30 15:27:58.211048, 5] smbd/files.c:482(file_free) freed files structure 17765 (2 used) [2012/08/30 15:27:58.211343, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.211442, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13184 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.212440, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.213882, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.214063, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:58.214202, 3] smbd/process.c:1662(process_smb) Transaction 128 of length 126 (0 toread) [2012/08/30 15:27:58.214361, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.214432, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13248 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.217249, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 .\.x.6.4 .\.3.\.H [0010] 00 50 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 .P._.4.5 .1.5...p [0020] 00 70 00 64 00 00 00 .p.d... 
[2012/08/30 15:27:58.217587, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.217796, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.217944, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.218068, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/HP_4515.ppd" [2012/08/30 15:27:58.218207, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] [2012/08/30 15:27:58.218349, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] [2012/08/30 15:27:58.218481, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] [2012/08/30 15:27:58.218601, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd [2012/08/30 15:27:58.218732, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.218990, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.219200, 5] smbd/files.c:140(file_new) allocated file structure 13670, fnum = 17766 (3 used) [2012/08/30 15:27:58.219323, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/HP_4515.ppd hash 0xcfec0173 [2012/08/30 15:27:58.219461, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/HP_4515.ppd) returning 0744 [2012/08/30 15:27:58.219611, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/HP_4515.ppd, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.219733, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.219869, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.220032, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.220182, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/HP_4515.ppd, after mapping access_mask=0x20089 [2012/08/30 15:27:58.220308, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.220436, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04b390 [2012/08/30 15:27:58.220554, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba6:0 [2012/08/30 15:27:58.220691, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.220838, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.220959, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04b5d0 [2012/08/30 15:27:58.221094, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.221217, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.221348, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/HP_4515.ppd, 
flags = 00 mode = 0744, fd = 37. [2012/08/30 15:27:58.221472, 2] smbd/open.c:704(open_file) administrator opened file x64/3/HP_4515.ppd read=Yes write=No (numopen=2) [2012/08/30 15:27:58.221595, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153912 [2012/08/30 15:27:58.221756, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/HP_4515.ppd, 801:23ba6:0/1302153912, tv_sec = 503fbebe, tv_usec = 3583e [2012/08/30 15:27:58.221880, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.222033, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x33c0, type= 0x3, gen_id = 1302153912, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.222172, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.222297, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.222417, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.222535, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.222671, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.222791, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.222914, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.223061, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x33c0, type= 0x3, gen_id = 1302153912, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.223207, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.223329, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17766, open name = x64/3/HP_4515.ppd [2012/08/30 15:27:58.224432, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.224711, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.224832, 3] smbd/process.c:1662(process_smb) Transaction 129 of length 45 (0 toread) [2012/08/30 15:27:58.224954, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.225015, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13312 smt_wct=3 smb_vwv[ 0]=17766 (0x4566) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.226148, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.226228, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.226363, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.226483, 3] smbd/reply.c:4848(reply_close) close fd=37 fnum=17766 (numopen=2) [2012/08/30 15:27:58.226620, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.226776, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153912 has kernel oplock state of 1. 
[2012/08/30 15:27:58.226920, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.227048, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04ce90 [2012/08/30 15:27:58.227176, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.227318, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x33c0, type= 0x3, gen_id = 1302153912, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.227455, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 15:27:58.228420, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.228560, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/HP_4515.ppd = 0 [2012/08/30 15:27:58.228702, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/HP_4515.ppd [2012/08/30 15:27:58.228831, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/HP_4515.ppd (numopen=1) NT_STATUS_OK [2012/08/30 15:27:58.228962, 5] smbd/files.c:482(file_free) freed files structure 17766 (2 used) [2012/08/30 15:27:58.229090, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.229151, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13312 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.229986, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.231412, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.231635, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:58.231767, 3] smbd/process.c:1662(process_smb) Transaction 130 of length 126 (0 toread) [2012/08/30 15:27:58.231901, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.231974, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13376 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.234208, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 .\.x.6.4 .\.3.\.H [0010] 00 50 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 .P._.4.5 .1.5...p [0020] 00 70 00 64 00 00 00 .p.d... 
[2012/08/30 15:27:58.234501, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.234637, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.234777, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.234916, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/HP_4515.ppd" [2012/08/30 15:27:58.235038, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] [2012/08/30 15:27:58.235194, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] [2012/08/30 15:27:58.235326, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] [2012/08/30 15:27:58.235444, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd [2012/08/30 15:27:58.235610, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.235750, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd [2012/08/30 15:27:58.235891, 5] smbd/files.c:140(file_new) allocated file structure 13671, fnum = 17767 (3 used) [2012/08/30 15:27:58.236032, 
10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/HP_4515.ppd hash 0xcfec0173 [2012/08/30 15:27:58.236154, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/HP_4515.ppd) returning 0744 [2012/08/30 15:27:58.236275, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/HP_4515.ppd, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.236397, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.236518, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.236647, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.236778, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/HP_4515.ppd, after mapping access_mask=0x20089 [2012/08/30 15:27:58.236919, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.237055, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04b390 [2012/08/30 15:27:58.237179, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba6:0 [2012/08/30 15:27:58.237302, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.237449, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:27:58.237570, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04b5d0 [2012/08/30 15:27:58.237705, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.237825, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.237968, 10] smbd/open.c:189(fd_open) fd_open: name 
x64/3/HP_4515.ppd, flags = 00 mode = 0744, fd = 37. [2012/08/30 15:27:58.238089, 2] smbd/open.c:704(open_file) administrator opened file x64/3/HP_4515.ppd read=Yes write=No (numopen=2) [2012/08/30 15:27:58.238358, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153913 [2012/08/30 15:27:58.238479, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/HP_4515.ppd, 801:23ba6:0/1302153913, tv_sec = 503fbebe, tv_usec = 39971 [2012/08/30 15:27:58.238620, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.238772, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.238933, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:27:58.239076, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.239197, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.239315, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.239449, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.239607, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.239757, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.239911, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, 
access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.240048, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.240189, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17767, open name = x64/3/HP_4515.ppd [2012/08/30 15:27:58.241361, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:58.241571, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:58.241694, 3] smbd/process.c:1662(process_smb) Transaction 131 of length 90 (0 toread) [2012/08/30 15:27:58.241812, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.241897, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13440 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17767 (0x4567) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:58.244184, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:58.244333, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.244457, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.244622, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:58.244748, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:58.244884, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 67 45 01 00 ....gE.. [2012/08/30 15:27:58.245028, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x4567] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:58.245152, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:58.245274, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.245335, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13440 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.246196, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.246894, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.247038, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.247182, 3] smbd/process.c:1662(process_smb) Transaction 132 of length 76 (0 toread) [2012/08/30 15:27:58.247301, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.247381, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13504 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 
7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.249123, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 67 45 ED 03 ...gE.. [2012/08/30 15:27:58.249264, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.249389, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.249526, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:58.249681, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.249820, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.250100, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 15:27:58.250220, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1005 call=7 total_data=0 [2012/08/30 15:27:58.250340, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1005 max_data=24 [2012/08/30 15:27:58.250477, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.250598, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.250716, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.250870, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 
15:27:58.250992, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:58.251110, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:58.251245, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.251306, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13504 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:58.252719, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 2A 4F 00 ........ .....*O. [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2012/08/30 15:27:58.253453, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.253606, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.253742, 3] smbd/process.c:1662(process_smb) Transaction 133 of length 76 (0 toread) [2012/08/30 15:27:58.253859, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.253964, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13568 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.255691, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 67 45 EC 03 ...gE.. 
[2012/08/30 15:27:58.255823, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.255942, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.256078, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.256222, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.256359, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.256502, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 15:27:58.256640, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.256760, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1004 max_data=40 [2012/08/30 15:27:58.256883, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.257005, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.257123, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.257248, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.257365, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:58.257730, 9] 
smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.257874, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.258007, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.258074, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13568 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.259463, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ [0010] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:58.260218, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.260368, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.260498, 3] smbd/process.c:1662(process_smb) Transaction 134 of length 76 (0 toread) [2012/08/30 15:27:58.260622, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.260695, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13632 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.262524, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 67 45 FE 03 ...gE.. [2012/08/30 15:27:58.262657, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.262779, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.262899, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:58.263049, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.263211, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.263331, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 
[2012/08/30 15:27:58.263466, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1022 call=7 total_data=0 [2012/08/30 15:27:58.263613, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1022 max_data=4094 [2012/08/30 15:27:58.263735, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.263853, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.263975, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.264100, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:58.264223, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:58.264358, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:58.264494, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.264556, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13632 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:58.265978, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 2A 4F 00 ........ .....*O. [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:58.266688, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.266818, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.266939, 3] smbd/process.c:1662(process_smb) Transaction 135 of length 76 (0 toread) [2012/08/30 15:27:58.267074, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.267143, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13696 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.268920, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 67 45 EC 03 ...gE.. [2012/08/30 15:27:58.269072, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.269201, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.269326, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.269477, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.269630, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:27:58.269792, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 
15:27:58.269917, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.270039, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1004 max_data=40 [2012/08/30 15:27:58.270168, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/HP_4515.ppd [2012/08/30 15:27:58.270307, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.270442, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.270669, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.270801, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:58.271203, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.271322, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.271456, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.271557, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13696 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.272943, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ [0010] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:58.274331, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:58.274482, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:58.274602, 3] smbd/process.c:1662(process_smb) Transaction 136 of length 74 (0 toread) [2012/08/30 15:27:58.274739, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.274800, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13760 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:58.276640, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:58.276794, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.276925, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.277053, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:58.277194, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:58.277355, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:58.277476, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:58.277632, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.277715, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13760 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:58.280165, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:58.280496, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:58.285478, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.285664, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.285843, 3] smbd/process.c:1662(process_smb) Transaction 137 of length 63 (0 toread) [2012/08/30 15:27:58.285969, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.286034, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13824 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17767 (0x4567) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=20266 (0x4F2A) smb_vwv[ 6]=20266 (0x4F2A) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=20266 (0x4F2A) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.287972, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.288049, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.288187, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.288316, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/HP_4515.ppd [2012/08/30 15:27:58.288437, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=20266 unlocked for fnum 17767 file x64/3/HP_4515.ppd [2012/08/30 15:27:58.288599, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/HP_4515.ppd): pos = 0, size = 20266, returned 20266 [2012/08/30 15:27:58.288733, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17767 max=20266 nread=20266 [2012/08/30 15:27:58.299479, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 114 [2012/08/30 15:27:58.299699, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2012/08/30 15:27:58.299822, 3] smbd/process.c:1662(process_smb) Transaction 138 of length 118 (0 toread) [2012/08/30 15:27:58.299959, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.300021, 5] lib/util.c:342(show_msg) size=114 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13888 smt_wct=15 smb_vwv[ 0]= 46 (0x2E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 46 (0x2E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=49 [2012/08/30 15:27:58.302506, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 00 .5.u.i.. .d.l.l.. [0030] 00 . 
[2012/08/30 15:27:58.302901, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.303032, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.303164, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.303295, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/08/30 15:27:58.303428, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/PS5UI.DLL] [2012/08/30 15:27:58.303621, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:58.303757, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/ps5ui.dll, dirpath = x64/3, start = ps5ui.dll [2012/08/30 15:27:58.303902, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c04cf10:size f) X64/3/PS5UI.DLL -> x64/3/ps5ui.dll [2012/08/30 15:27:58.304043, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/ps5ui.dll -> x64/3/ps5ui.dll [2012/08/30 15:27:58.304161, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.304309, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] [2012/08/30 15:27:58.304442, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll [2012/08/30 15:27:58.304576, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = ps5ui.dll [2012/08/30 15:27:58.304696, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.304846, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] 
[/var/lib/samba/printers] [2012/08/30 15:27:58.304972, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.305089, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.305234, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.305355, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = ps5ui.dll, attr = 22 [2012/08/30 15:27:58.305473, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.305603, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c014be0 now at offset -1 [2012/08/30 15:27:58.305740, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.305876, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.306011, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.306189, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.306314, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[ps5ui.dll] found x64/3/ps5ui.dll fname=ps5ui.dll (ps5ui.dll) [2012/08/30 15:27:58.306457, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.306579, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.306701, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.306825, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.306968, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 [2012/08/30 
15:27:58.307088, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 [2012/08/30 15:27:58.307210, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.307272, 5] lib/util.c:342(show_msg) size=180 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13888 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=125 [2012/08/30 15:27:58.308806, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. [0010] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" [0020] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. [0030] 2E 28 7B CD 01 00 14 0B 00 00 00 00 00 00 00 10 .({..... ........ [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 35 ........ ...p.s.5 [0070] 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 .u.i...d .l.l. 
[2012/08/30 15:27:58.309636, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=ps5ui.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.315438, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 114 [2012/08/30 15:27:58.315649, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2012/08/30 15:27:58.315770, 3] smbd/process.c:1662(process_smb) Transaction 139 of length 118 (0 toread) [2012/08/30 15:27:58.315891, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.315953, 5] lib/util.c:342(show_msg) size=114 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13952 smt_wct=15 smb_vwv[ 0]= 46 (0x2E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 46 (0x2E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=49 [2012/08/30 15:27:58.317830, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 00 .5.u.i.. .d.l.l.. [0030] 00 . 
[2012/08/30 15:27:58.318208, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.318369, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.318501, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.318647, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/08/30 15:27:58.318786, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] [2012/08/30 15:27:58.319082, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.319224, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] [2012/08/30 15:27:58.319519, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll [2012/08/30 15:27:58.319662, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = ps5ui.dll [2012/08/30 15:27:58.319782, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.319917, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.320895, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.321072, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.321219, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.321337, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = ps5ui.dll, attr = 22 [2012/08/30 
15:27:58.321477, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.321610, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c02dd90 now at offset -1 [2012/08/30 15:27:58.321731, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.322014, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.322150, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.322282, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.322417, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[ps5ui.dll] found x64/3/ps5ui.dll fname=ps5ui.dll (ps5ui.dll) [2012/08/30 15:27:58.322557, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.322689, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.322815, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.322950, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.323108, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 [2012/08/30 15:27:58.323231, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 [2012/08/30 15:27:58.323386, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.323449, 5] lib/util.c:342(show_msg) size=180 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=13952 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 
7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=125 [2012/08/30 15:27:58.324871, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. [0010] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" [0020] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. [0030] 2E 28 7B CD 01 00 14 0B 00 00 00 00 00 00 00 10 .({..... ........ [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 35 ........ ...p.s.5 [0070] 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 .u.i...d .l.l. [2012/08/30 15:27:58.325631, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=ps5ui.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.327679, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.327849, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.327976, 3] smbd/process.c:1662(process_smb) Transaction 140 of length 122 (0 toread) [2012/08/30 15:27:58.328095, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.328165, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14016 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/08/30 
15:27:58.330515, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C .s.5.u.i ...d.l.l [0020] 00 00 00 ... [2012/08/30 15:27:58.330804, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.330927, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.331050, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.331191, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/08/30 15:27:58.331361, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] [2012/08/30 15:27:58.331525, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.331663, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] [2012/08/30 15:27:58.331798, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll [2012/08/30 15:27:58.331935, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.332058, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 
0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.332211, 5] smbd/files.c:140(file_new) allocated file structure 13672, fnum = 17768 (4 used) [2012/08/30 15:27:58.332351, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/ps5ui.dll hash 0xe1875e7e [2012/08/30 15:27:58.332474, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/ps5ui.dll) returning 0744 [2012/08/30 15:27:58.332593, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/ps5ui.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.332731, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.332876, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.332995, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.333131, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/ps5ui.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:58.333273, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.333442, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04d360 [2012/08/30 15:27:58.333579, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba7:0 [2012/08/30 15:27:58.333716, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.333993, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.334144, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04d5a0 [2012/08/30 15:27:58.334266, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/ps5ui.dll [2012/08/30 15:27:58.334413, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file 
with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.334541, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/ps5ui.dll, flags = 00 mode = 0744, fd = 38. [2012/08/30 15:27:58.334676, 2] smbd/open.c:704(open_file) administrator opened file x64/3/ps5ui.dll read=Yes write=No (numopen=3) [2012/08/30 15:27:58.334803, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153914 [2012/08/30 15:27:58.334924, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/ps5ui.dll, 801:23ba7:0/1302153914, tv_sec = 503fbebe, tv_usec = 511b1 [2012/08/30 15:27:58.335065, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.335217, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.335373, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.335559, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.335687, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.335822, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.335943, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.336060, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.336199, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 
15:27:58.336338, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.336465, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/ps5ui.dll [2012/08/30 15:27:58.336599, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17768, open name = x64/3/ps5ui.dll [2012/08/30 15:27:58.337388, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.337544, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.337676, 3] smbd/process.c:1662(process_smb) Transaction 141 of length 76 (0 toread) [2012/08/30 15:27:58.337830, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.337901, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14080 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.339681, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 68 45 EE 03 ...hE.. 
[2012/08/30 15:27:58.339812, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.339929, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.340212, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:58.340355, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.340512, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.340635, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:27:58.340764, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17768) level=1006 call=7 total_data=0 [2012/08/30 15:27:58.340890, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17768) level=1006 max_data=8 [2012/08/30 15:27:58.341025, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.341143, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.341279, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.341418, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:58.341537, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:58.341690, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 
8 [2012/08/30 15:27:58.341817, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.341878, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14080 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:58.343274, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 A7 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:58.344935, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.345112, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.345232, 3] smbd/process.c:1662(process_smb) Transaction 142 of length 63 (0 toread) [2012/08/30 15:27:58.345353, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.345415, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14144 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17768 (0x4568) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.347130, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.347202, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.347323, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.347465, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.347966, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: 
flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17768 file x64/3/ps5ui.dll [2012/08/30 15:27:58.348113, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:58.348235, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17768 max=4096 nread=4096 [2012/08/30 15:27:58.351683, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.351893, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.352033, 3] smbd/process.c:1662(process_smb) Transaction 143 of length 45 (0 toread) [2012/08/30 15:27:58.352152, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.352234, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14208 smt_wct=3 smb_vwv[ 0]=17768 (0x4568) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.353227, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.353292, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.353416, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.353553, 3] smbd/reply.c:4848(reply_close) close fd=38 fnum=17768 (numopen=3) [2012/08/30 15:27:58.353673, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.353830, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153914 has kernel oplock state of 1. 
[2012/08/30 15:27:58.353976, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.354105, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04eef0 [2012/08/30 15:27:58.354244, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.354387, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.354510, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:27:58.354636, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.354767, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/ps5ui.dll = 0 [2012/08/30 15:27:58.354888, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/ps5ui.dll [2012/08/30 15:27:58.355034, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/ps5ui.dll (numopen=2) NT_STATUS_OK [2012/08/30 15:27:58.355168, 5] smbd/files.c:482(file_free) freed files structure 17768 (3 used) [2012/08/30 15:27:58.355290, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.355355, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14208 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.356999, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.361401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.361947, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 
0x76 [2012/08/30 15:27:58.362140, 3] smbd/process.c:1662(process_smb) Transaction 144 of length 122 (0 toread) [2012/08/30 15:27:58.362348, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.362428, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14272 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/08/30 15:27:58.369562, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C .s.5.u.i ...d.l.l [0020] 00 00 00 ... 
[2012/08/30 15:27:58.369977, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.370195, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.370429, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.370653, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/08/30 15:27:58.370866, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] [2012/08/30 15:27:58.371056, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.371250, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] [2012/08/30 15:27:58.371425, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll [2012/08/30 15:27:58.371592, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.371755, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.371884, 5] smbd/files.c:140(file_new) allocated file structure 13673, fnum = 17769 (4 used) [2012/08/30 15:27:58.372011, 10] smbd/files.c:705(file_name_hash) 
file_name_hash: /var/lib/samba/printers/x64/3/ps5ui.dll hash 0xe1875e7e [2012/08/30 15:27:58.372143, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/ps5ui.dll) returning 0744 [2012/08/30 15:27:58.372266, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/ps5ui.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.375540, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.375673, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.375812, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.375950, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/ps5ui.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:58.376080, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.376236, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04d360 [2012/08/30 15:27:58.376374, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba7:0 [2012/08/30 15:27:58.376495, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.376647, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.376786, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04d5a0 [2012/08/30 15:27:58.376923, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/ps5ui.dll [2012/08/30 15:27:58.377044, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.377178, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/ps5ui.dll, flags = 00 mode = 0744, fd = 38. 
[2012/08/30 15:27:58.377299, 2] smbd/open.c:704(open_file) administrator opened file x64/3/ps5ui.dll read=Yes write=No (numopen=3) [2012/08/30 15:27:58.377424, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153915 [2012/08/30 15:27:58.377567, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/ps5ui.dll, 801:23ba7:0/1302153915, tv_sec = 503fbebe, tv_usec = 5acab [2012/08/30 15:27:58.377695, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.377833, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x37c0, type= 0x3, gen_id = 1302153915, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.377984, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.378115, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.378233, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.378370, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.378492, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.378610, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.378738, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.378891, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x37c0, type= 0x3, gen_id = 
1302153915, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.379029, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/ps5ui.dll [2012/08/30 15:27:58.379164, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17769, open name = x64/3/ps5ui.dll [2012/08/30 15:27:58.382180, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.382409, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.382555, 3] smbd/process.c:1662(process_smb) Transaction 145 of length 45 (0 toread) [2012/08/30 15:27:58.382697, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.382776, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14336 smt_wct=3 smb_vwv[ 0]=17769 (0x4569) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.383628, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.383695, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.383818, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.383955, 3] smbd/reply.c:4848(reply_close) close fd=38 fnum=17769 (numopen=3) [2012/08/30 15:27:58.385095, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.385240, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153915 has kernel oplock state of 1. 
[2012/08/30 15:27:58.385428, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.385562, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04eef0 [2012/08/30 15:27:58.385692, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.385836, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x37c0, type= 0x3, gen_id = 1302153915, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.386014, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:27:58.386141, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.386281, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/ps5ui.dll = 0 [2012/08/30 15:27:58.386408, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/ps5ui.dll [2012/08/30 15:27:58.386537, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/ps5ui.dll (numopen=2) NT_STATUS_OK [2012/08/30 15:27:58.386669, 5] smbd/files.c:482(file_free) freed files structure 17769 (3 used) [2012/08/30 15:27:58.386797, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.386861, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14336 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.387746, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.388836, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.389011, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 
0x76 [2012/08/30 15:27:58.389132, 3] smbd/process.c:1662(process_smb) Transaction 146 of length 122 (0 toread) [2012/08/30 15:27:58.389254, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.389316, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14400 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/08/30 15:27:58.399837, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C .s.5.u.i ...d.l.l [0020] 00 00 00 ... 
[2012/08/30 15:27:58.400124, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.400264, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.400406, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.400541, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/08/30 15:27:58.400666, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] [2012/08/30 15:27:58.400757, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] [2012/08/30 15:27:58.400892, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] [2012/08/30 15:27:58.401010, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll [2012/08/30 15:27:58.401132, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.401268, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll [2012/08/30 15:27:58.401400, 5] smbd/files.c:140(file_new) allocated file structure 13674, fnum = 17770 (4 used) [2012/08/30 15:27:58.401527, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/ps5ui.dll hash 0xe1875e7e [2012/08/30 15:27:58.401650, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/ps5ui.dll) returning 0744 [2012/08/30 15:27:58.401783, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/ps5ui.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.401907, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.402028, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.402149, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.402289, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/ps5ui.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:58.402433, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.402572, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04d360 [2012/08/30 15:27:58.402710, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba7:0 [2012/08/30 15:27:58.402843, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.402980, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:27:58.403105, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04d5a0 [2012/08/30 15:27:58.403227, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/ps5ui.dll [2012/08/30 15:27:58.403346, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.403480, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/ps5ui.dll, flags = 00 
mode = 0744, fd = 38. [2012/08/30 15:27:58.403633, 2] smbd/open.c:704(open_file) administrator opened file x64/3/ps5ui.dll read=Yes write=No (numopen=3) [2012/08/30 15:27:58.403761, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153916 [2012/08/30 15:27:58.403885, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/ps5ui.dll, 801:23ba7:0/1302153916, tv_sec = 503fbebe, tv_usec = 61ff6 [2012/08/30 15:27:58.404027, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.404166, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.404291, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:27:58.404423, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.404545, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.404664, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.404786, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.404918, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.405050, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.405203, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, 
type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.405348, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/ps5ui.dll [2012/08/30 15:27:58.405467, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17770, open name = x64/3/ps5ui.dll [2012/08/30 15:27:58.406915, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:58.407095, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:58.407216, 3] smbd/process.c:1662(process_smb) Transaction 147 of length 90 (0 toread) [2012/08/30 15:27:58.407342, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.407404, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14464 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17770 (0x456A) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:58.409921, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:58.410128, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.410250, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.410528, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:58.410652, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:58.411017, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 6A 45 01 00 ....jE.. [2012/08/30 15:27:58.411158, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x456A] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:58.411299, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:58.411423, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.411484, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14464 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.412323, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.413337, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.413496, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.413751, 3] smbd/process.c:1662(process_smb) Transaction 148 of length 76 (0 toread) [2012/08/30 15:27:58.413879, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.413942, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14528 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 
7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.415675, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6A 45 ED 03 ...jE.. [2012/08/30 15:27:58.415815, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.415952, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.416081, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:58.416218, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.416375, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.416495, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:27:58.416623, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1005 call=7 total_data=0 [2012/08/30 15:27:58.416743, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1005 max_data=24 [2012/08/30 15:27:58.416861, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.416980, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.417099, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.417222, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 
15:27:58.417341, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:58.417619, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:58.417746, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.417808, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14528 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:58.420528, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 14 0B ........ ........ [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2012/08/30 15:27:58.421934, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.422117, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.422244, 3] smbd/process.c:1662(process_smb) Transaction 149 of length 76 (0 toread) [2012/08/30 15:27:58.422423, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.422496, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14592 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.424369, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6A 45 EC 03 ...jE.. 
[2012/08/30 15:27:58.424529, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.424654, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.424833, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.424998, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.425142, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.425267, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:27:58.425399, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.425536, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1004 max_data=40 [2012/08/30 15:27:58.425659, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.425795, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.426011, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.426136, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.426297, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:58.426677, 9] smbd/trans2.c:935(send_trans2_replies) 
t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.426869, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.426989, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.427050, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14592 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.428624, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" [0010] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... [2012/08/30 15:27:58.429755, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:58.429946, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:58.430211, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:58.430412, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:58.430560, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.430720, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.430855, 3] smbd/process.c:1662(process_smb) Transaction 150 of length 76 (0 toread) [2012/08/30 15:27:58.430972, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.431052, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 
smb_pid=292 smb_uid=100 smb_mid=14656 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.433138, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6A 45 FE 03 ...jE.. [2012/08/30 15:27:58.433270, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.433441, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:58.433564, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege 
Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:58.436332, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:58.436773, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:58.436913, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:58.437064, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.437201, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.437324, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:27:58.437444, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1022 call=7 total_data=0 [2012/08/30 15:27:58.437564, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1022 max_data=4094 [2012/08/30 15:27:58.437686, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.437805, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.437926, 8] 
smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.438076, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:58.438201, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:58.438341, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:58.438480, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.438541, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14656 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:58.439986, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 14 0B ........ ........ [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:58.440815, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.440968, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.441093, 3] smbd/process.c:1662(process_smb) Transaction 151 of length 76 (0 toread) [2012/08/30 15:27:58.441214, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.441275, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14720 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.443116, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6A 45 EC 03 ...jE.. [2012/08/30 15:27:58.443249, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.443387, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.443559, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.443711, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.443870, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:27:58.443991, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 
15:27:58.444130, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.444269, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1004 max_data=40 [2012/08/30 15:27:58.444401, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/08/30 15:27:58.444527, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.444651, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.444775, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.444912, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:58.445309, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.445444, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.445561, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.445648, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14720 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.447092, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" [0010] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:58.448592, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:58.448887, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:58.449008, 3] smbd/process.c:1662(process_smb) Transaction 152 of length 74 (0 toread) [2012/08/30 15:27:58.449143, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.449211, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14784 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:58.450927, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:58.451078, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.451219, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.451347, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:58.451489, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:58.451637, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:58.451759, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:58.451877, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.451950, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=14784 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:58.453342, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:58.453667, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:58.454936, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.455201, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.455434, 3] smbd/process.c:1662(process_smb) Transaction 153 of length 63 (0 toread) [2012/08/30 15:27:58.455679, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.455856, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14848 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.458664, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.458746, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.458872, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.459000, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.459122, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.459275, 10] smbd/fileio.c:109(read_file) 
read_file (x64/3/ps5ui.dll): pos = 0, size = 32768, returned 32768 [2012/08/30 15:27:58.459415, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.459817, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.459954, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.460075, 3] smbd/process.c:1662(process_smb) Transaction 154 of length 63 (0 toread) [2012/08/30 15:27:58.460193, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.460255, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14927 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.462497, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.462575, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.462760, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.462955, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.463141, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=32768 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.463353, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 32768, size = 32768, returned 32768 [2012/08/30 15:27:58.463603, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.464761, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.464918, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.465040, 3] smbd/process.c:1662(process_smb) Transaction 155 of length 63 (0 toread) [2012/08/30 15:27:58.465162, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.465223, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=14990 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.467174, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.467259, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.467381, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.467558, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.467818, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.467972, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 65536, size = 32768, returned 32768 [2012/08/30 15:27:58.468132, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.468477, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.468613, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.468739, 3] smbd/process.c:1662(process_smb) Transaction 156 of length 63 
(0 toread) [2012/08/30 15:27:58.468989, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.469055, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15053 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.470749, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.470820, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.470949, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.471076, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.471211, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=98304 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.471368, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 98304, size = 32768, returned 32768 [2012/08/30 15:27:58.471521, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.471879, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.472010, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.472129, 3] smbd/process.c:1662(process_smb) Transaction 157 of length 63 (0 toread) [2012/08/30 15:27:58.472251, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.472435, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15116 
smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 2 (0x2) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.474075, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.474144, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.474263, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.474388, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.474507, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.474675, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 131072, size = 32768, returned 32768 [2012/08/30 15:27:58.474825, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.475183, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.475439, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.475616, 3] smbd/process.c:1662(process_smb) Transaction 158 of length 63 (0 toread) [2012/08/30 15:27:58.475736, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.475917, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15179 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 2 (0x2) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) 
smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.477449, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.477516, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.477795, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.477920, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.478042, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=163840 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.478183, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 163840, size = 32768, returned 32768 [2012/08/30 15:27:58.478307, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.478656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.478788, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.478909, 3] smbd/process.c:1662(process_smb) Transaction 159 of length 63 (0 toread) [2012/08/30 15:27:58.479162, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.479225, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15242 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 3 (0x3) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.480901, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.480965, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 
15:27:58.481086, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.481225, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.481343, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=196608 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.481507, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 196608, size = 32768, returned 32768 [2012/08/30 15:27:58.481661, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.482288, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.482583, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.482706, 3] smbd/process.c:1662(process_smb) Transaction 160 of length 63 (0 toread) [2012/08/30 15:27:58.482825, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.483006, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15305 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 3 (0x3) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.484563, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.484638, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.484761, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.484885, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.485026, 
10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=229376 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.485182, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 229376, size = 32768, returned 32768 [2012/08/30 15:27:58.485305, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.485877, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.486026, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.486144, 3] smbd/process.c:1662(process_smb) Transaction 161 of length 63 (0 toread) [2012/08/30 15:27:58.486266, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.486327, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15368 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 4 (0x4) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.487876, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.487958, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.488078, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.488348, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.488470, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=262144 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.488618, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 
262144, size = 32768, returned 32768 [2012/08/30 15:27:58.488741, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.489245, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.489380, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.489653, 3] smbd/process.c:1662(process_smb) Transaction 162 of length 63 (0 toread) [2012/08/30 15:27:58.489773, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.489834, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15431 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 4 (0x4) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.492743, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.492880, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.493005, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.493129, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.493250, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=294912 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.493407, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 294912, size = 32768, returned 32768 [2012/08/30 15:27:58.493575, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.494286, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 
[2012/08/30 15:27:58.494423, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.494559, 3] smbd/process.c:1662(process_smb) Transaction 163 of length 63 (0 toread) [2012/08/30 15:27:58.494680, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.494742, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15494 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 5 (0x5) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.496325, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.496390, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.496508, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.496632, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.496765, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=327680 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.496913, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 327680, size = 32768, returned 32768 [2012/08/30 15:27:58.497051, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.498902, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.499082, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.499204, 3] smbd/process.c:1662(process_smb) Transaction 164 of length 63 (0 toread) [2012/08/30 15:27:58.499325, 5] lib/util.c:332(show_msg) 
[2012/08/30 15:27:58.499390, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15557 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 5 (0x5) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.501021, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.501088, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.501209, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.501333, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.501486, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=360448 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.501643, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 360448, size = 32768, returned 32768 [2012/08/30 15:27:58.501768, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.503060, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.503240, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.503371, 3] smbd/process.c:1662(process_smb) Transaction 165 of length 63 (0 toread) [2012/08/30 15:27:58.503547, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.503618, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15620 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 
2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.505153, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.505219, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.505354, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.505477, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.505598, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=393216 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.505757, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 393216, size = 32768, returned 32768 [2012/08/30 15:27:58.505881, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.506277, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.506415, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.506551, 3] smbd/process.c:1662(process_smb) Transaction 166 of length 63 (0 toread) [2012/08/30 15:27:58.506673, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.506739, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15683 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 
15:27:58.508541, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.508625, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.508769, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.508912, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.509079, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=425984 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.509262, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 425984, size = 32768, returned 32768 [2012/08/30 15:27:58.509410, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.510028, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.510199, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.510348, 3] smbd/process.c:1662(process_smb) Transaction 167 of length 63 (0 toread) [2012/08/30 15:27:58.510475, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.510537, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15746 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 7 (0x7) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.512187, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.512272, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.512413, 4] smbd/uid.c:351(change_to_user) Skipping user change - 
already user [2012/08/30 15:27:58.512551, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.512686, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=458752 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.512858, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 458752, size = 32768, returned 32768 [2012/08/30 15:27:58.512989, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.518960, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.519154, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.519322, 3] smbd/process.c:1662(process_smb) Transaction 168 of length 63 (0 toread) [2012/08/30 15:27:58.519443, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.519560, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15809 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 7 (0x7) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.521258, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.521326, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.521448, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.521616, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.521738, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour 
= WINDOWS_LOCK brl start=491520 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.521907, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 491520, size = 32768, returned 32768 [2012/08/30 15:27:58.522043, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.523367, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.523604, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.523742, 3] smbd/process.c:1662(process_smb) Transaction 169 of length 63 (0 toread) [2012/08/30 15:27:58.523898, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.523960, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15872 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.525563, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.525631, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.525913, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.526052, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.526201, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=524288 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.526369, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 524288, size = 32768, returned 32768 [2012/08/30 15:27:58.526496, 3] 
smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.526860, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.527117, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.527265, 3] smbd/process.c:1662(process_smb) Transaction 170 of length 63 (0 toread) [2012/08/30 15:27:58.527396, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.527463, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=15951 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.529048, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.529152, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.529287, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.529425, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.529560, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=557056 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.529756, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 557056, size = 32768, returned 32768 [2012/08/30 15:27:58.529888, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.530264, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.530400, 6] smbd/process.c:1660(process_smb) got 
message type 0x0 of len 0x3b [2012/08/30 15:27:58.530641, 3] smbd/process.c:1662(process_smb) Transaction 171 of length 63 (0 toread) [2012/08/30 15:27:58.530774, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.530842, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16014 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 9 (0x9) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.532590, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.532658, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.532792, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.532930, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.533065, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=589824 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.533234, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 589824, size = 32768, returned 32768 [2012/08/30 15:27:58.533389, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.533791, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.533930, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.534168, 3] smbd/process.c:1662(process_smb) Transaction 172 of length 63 (0 toread) [2012/08/30 15:27:58.534305, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.534373, 5] lib/util.c:342(show_msg) size=59 
smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16077 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 9 (0x9) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.536004, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.536070, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.536190, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.536313, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.536447, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=622592 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.536614, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 622592, size = 32768, returned 32768 [2012/08/30 15:27:58.536744, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.537093, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.537234, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.537642, 3] smbd/process.c:1662(process_smb) Transaction 173 of length 63 (0 toread) [2012/08/30 15:27:58.537771, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.537836, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16140 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 10 (0xA) smb_vwv[ 
5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.539441, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.539559, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.539705, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.539828, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.539965, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=655360 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.540091, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 655360, size = 32768, returned 32768 [2012/08/30 15:27:58.540336, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.540713, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.540968, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.541128, 3] smbd/process.c:1662(process_smb) Transaction 174 of length 63 (0 toread) [2012/08/30 15:27:58.541264, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.541338, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16203 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 10 (0xA) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.542968, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 
15:27:58.543047, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.543183, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.543329, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.543465, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=688128 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.544491, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 688128, size = 32768, returned 32768 [2012/08/30 15:27:58.544631, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=32768 nread=32768 [2012/08/30 15:27:58.545003, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.545153, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.545275, 3] smbd/process.c:1662(process_smb) Transaction 175 of length 63 (0 toread) [2012/08/30 15:27:58.545507, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.545588, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16266 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17770 (0x456A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 11 (0xB) smb_vwv[ 5]= 5120 (0x1400) smb_vwv[ 6]= 5120 (0x1400) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 5120 (0x1400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.547189, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.547267, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.547396, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.547567, 10] 
locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll [2012/08/30 15:27:58.547709, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=720896 len=5120 unlocked for fnum 17770 file x64/3/ps5ui.dll [2012/08/30 15:27:58.547869, 10] smbd/fileio.c:109(read_file) read_file (x64/3/ps5ui.dll): pos = 720896, size = 5120, returned 5120 [2012/08/30 15:27:58.547999, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17770 max=5120 nread=5120 [2012/08/30 15:27:58.554725, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.554931, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.555051, 3] smbd/process.c:1662(process_smb) Transaction 176 of length 122 (0 toread) [2012/08/30 15:27:58.555169, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.555231, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16330 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:58.556965, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C .c.r.i.p .t...h.l [0030] 00 70 00 00 00 .p... 
[2012/08/30 15:27:58.557299, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.557418, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.557543, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.557671, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/08/30 15:27:58.557793, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/PSCRIPT.HLP] [2012/08/30 15:27:58.557912, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:58.558047, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/pscript.hlp, dirpath = x64/3, start = pscript.hlp [2012/08/30 15:27:58.558201, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c04ef90:size 11) X64/3/PSCRIPT.HLP -> x64/3/pscript.hlp [2012/08/30 15:27:58.558318, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/pscript.hlp -> x64/3/pscript.hlp [2012/08/30 15:27:58.558437, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] [2012/08/30 15:27:58.558568, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] [2012/08/30 15:27:58.558685, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp [2012/08/30 15:27:58.558849, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript.hlp [2012/08/30 15:27:58.558968, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.560698, 3] smbd/vfs.c:905(check_reduced_name) 
check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.560871, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.561028, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.561187, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.561406, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript.hlp, attr = 22 [2012/08/30 15:27:58.561550, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.561705, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c02d410 now at offset -1 [2012/08/30 15:27:58.561848, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.562146, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.562284, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.562483, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.562621, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript.hlp] found x64/3/pscript.hlp fname=pscript.hlp (pscript.hlp) [2012/08/30 15:27:58.562762, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.562898, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.563035, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.563170, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.563314, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, 
useable_space = 131010 [2012/08/30 15:27:58.563448, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:58.563541, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.563611, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16330 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:58.565352, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ [0020] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ [0030] CB E3 86 CD 01 B6 65 00 00 00 00 00 00 00 00 10 ......e. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C 00 70 .r.i.p.t ...h.l.p [0080] 00 . 
[2012/08/30 15:27:58.566176, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript.hlp directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.571090, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.571274, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.571395, 3] smbd/process.c:1662(process_smb) Transaction 177 of length 122 (0 toread) [2012/08/30 15:27:58.571560, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.571632, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16394 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:58.573505, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C .c.r.i.p .t...h.l [0030] 00 70 00 00 00 .p... 
[2012/08/30 15:27:58.573864, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.574159, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.574285, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.574414, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/08/30 15:27:58.574537, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] [2012/08/30 15:27:58.574662, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] [2012/08/30 15:27:58.574792, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] [2012/08/30 15:27:58.574909, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp [2012/08/30 15:27:58.575048, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript.hlp [2012/08/30 15:27:58.575168, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.575285, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.575412, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.575562, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.575702, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.575819, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript.hlp, attr = 22 
[2012/08/30 15:27:58.575936, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.576064, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c012c20 now at offset -1 [2012/08/30 15:27:58.576184, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.576303, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.576421, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.576551, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.576669, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript.hlp] found x64/3/pscript.hlp fname=pscript.hlp (pscript.hlp) [2012/08/30 15:27:58.576792, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.576910, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.577030, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.577165, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.577298, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/08/30 15:27:58.577416, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:58.577534, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.577595, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16394 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:58.579021, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ [0020] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ [0030] CB E3 86 CD 01 B6 65 00 00 00 00 00 00 00 00 10 ......e. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C 00 70 .r.i.p.t ...h.l.p [0080] 00 . [2012/08/30 15:27:58.579847, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript.hlp directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.581574, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.581733, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/08/30 15:27:58.581853, 3] smbd/process.c:1662(process_smb) Transaction 178 of length 126 (0 toread) [2012/08/30 15:27:58.582001, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.582063, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16458 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) 
smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.584304, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 .s.c.r.i .p.t...h [0020] 00 6C 00 70 00 00 00 .l.p... [2012/08/30 15:27:58.584588, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.584707, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.584833, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/pscript.hlp [2012/08/30 15:27:58.584959, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/08/30 15:27:58.585082, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] [2012/08/30 15:27:58.585219, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] [2012/08/30 15:27:58.585348, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] [2012/08/30 15:27:58.585465, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp [2012/08/30 15:27:58.585601, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp [2012/08/30 15:27:58.585724, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, 
create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp [2012/08/30 15:27:58.586027, 5] smbd/files.c:140(file_new) allocated file structure 13675, fnum = 17771 (5 used) [2012/08/30 15:27:58.586153, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript.hlp hash 0x5179febe [2012/08/30 15:27:58.586295, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.hlp) returning 0744 [2012/08/30 15:27:58.586414, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.hlp, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.586539, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.586657, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.586775, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.586900, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.hlp, after mapping access_mask=0x20089 [2012/08/30 15:27:58.587026, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.587176, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04f470 [2012/08/30 15:27:58.587298, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba8:0 [2012/08/30 15:27:58.587420, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.587582, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.587720, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04f6b0 [2012/08/30 15:27:58.587845, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 
on file x64/3/pscript.hlp [2012/08/30 15:27:58.587969, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.588097, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/pscript.hlp, flags = 00 mode = 0744, fd = 39. [2012/08/30 15:27:58.588216, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) [2012/08/30 15:27:58.588352, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153917 [2012/08/30 15:27:58.588479, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript.hlp, 801:23ba8:0/1302153917, tv_sec = 503fbebe, tv_usec = 8f129 [2012/08/30 15:27:58.588604, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.588750, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.588874, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.589000, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.589120, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.589239, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.589357, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.589477, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.589601, 10] locking/locking.c:663(parse_share_modes) 
parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.589736, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.589906, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript.hlp [2012/08/30 15:27:58.590024, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17771, open name = x64/3/pscript.hlp [2012/08/30 15:27:58.590648, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.590786, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.590905, 3] smbd/process.c:1662(process_smb) Transaction 179 of length 76 (0 toread) [2012/08/30 15:27:58.591025, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.591087, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16522 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.592992, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6B 45 EE 03 ...kE.. 
[2012/08/30 15:27:58.593135, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.593272, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.593394, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:58.593525, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.593675, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.593794, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 15:27:58.593940, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17771) level=1006 call=7 total_data=0 [2012/08/30 15:27:58.594083, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17771) level=1006 max_data=8 [2012/08/30 15:27:58.594211, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.594329, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.594449, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.594571, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:58.594690, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:58.594810, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, 
datasize = 8 [2012/08/30 15:27:58.594927, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.594989, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16522 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:58.596408, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 A8 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:58.597743, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.597893, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.598015, 3] smbd/process.c:1662(process_smb) Transaction 180 of length 63 (0 toread) [2012/08/30 15:27:58.598133, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.598194, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16586 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17771 (0x456B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.599722, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.599786, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.599908, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.600031, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.hlp [2012/08/30 15:27:58.600150, 10] locking/locking.c:163(strict_lock_default) 
strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17771 file x64/3/pscript.hlp [2012/08/30 15:27:58.600285, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.hlp): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:58.600411, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17771 max=4096 nread=4096 [2012/08/30 15:27:58.603542, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.603731, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.603917, 3] smbd/process.c:1662(process_smb) Transaction 181 of length 45 (0 toread) [2012/08/30 15:27:58.604049, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.604112, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16650 smt_wct=3 smb_vwv[ 0]=17771 (0x456B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.605095, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.605164, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.606134, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.606272, 3] smbd/reply.c:4848(reply_close) close fd=39 fnum=17771 (numopen=4) [2012/08/30 15:27:58.606414, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.606551, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153917 has kernel oplock state of 1. 
[2012/08/30 15:27:58.606692, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.606824, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c050f70 [2012/08/30 15:27:58.606942, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.607085, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.607251, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 15:27:58.607373, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.607531, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript.hlp = 0 [2012/08/30 15:27:58.607663, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript.hlp [2012/08/30 15:27:58.607793, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript.hlp (numopen=3) NT_STATUS_OK [2012/08/30 15:27:58.607920, 5] smbd/files.c:482(file_free) freed files structure 17771 (4 used) [2012/08/30 15:27:58.608044, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.608106, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16650 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.608890, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.611411, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.611661, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:58.611815, 3] smbd/process.c:1662(process_smb) Transaction 182 of length 126 (0 toread) [2012/08/30 15:27:58.611944, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.612008, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16714 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.614965, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 .s.c.r.i .p.t...h [0020] 00 6C 00 70 00 00 00 .l.p... 
[2012/08/30 15:27:58.615337, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.615477, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.616414, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/pscript.hlp [2012/08/30 15:27:58.616562, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/08/30 15:27:58.616691, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] [2012/08/30 15:27:58.616835, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] [2012/08/30 15:27:58.617001, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] [2012/08/30 15:27:58.617124, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp [2012/08/30 15:27:58.617247, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp [2012/08/30 15:27:58.617406, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp [2012/08/30 15:27:58.617535, 5] smbd/files.c:140(file_new) allocated file structure 13676, fnum = 17772 (5 used) [2012/08/30 15:27:58.617690, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript.hlp hash 0x5179febe [2012/08/30 15:27:58.617846, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.hlp) returning 0744 [2012/08/30 15:27:58.617970, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.hlp, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.618110, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.618258, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.618409, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.620273, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.hlp, after mapping access_mask=0x20089 [2012/08/30 15:27:58.620454, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.620637, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04f470 [2012/08/30 15:27:58.620815, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba8:0 [2012/08/30 15:27:58.620975, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.621161, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.621334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04f6b0 [2012/08/30 15:27:58.621487, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.hlp [2012/08/30 15:27:58.621679, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.622020, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/pscript.hlp, 
flags = 00 mode = 0744, fd = 39. [2012/08/30 15:27:58.622170, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) [2012/08/30 15:27:58.622331, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153918 [2012/08/30 15:27:58.622499, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript.hlp, 801:23ba8:0/1302153918, tv_sec = 503fbebe, tv_usec = 96c3d [2012/08/30 15:27:58.622664, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.622858, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x414a, type= 0x3, gen_id = 1302153918, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.623036, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.623314, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.623461, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.623556, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.623721, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.623860, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.623990, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.624147, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x414a, type= 0x3, gen_id = 1302153918, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.624294, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript.hlp [2012/08/30 15:27:58.624456, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17772, open name = x64/3/pscript.hlp [2012/08/30 15:27:58.626894, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.627181, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.627309, 3] smbd/process.c:1662(process_smb) Transaction 183 of length 45 (0 toread) [2012/08/30 15:27:58.627475, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.627619, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16778 smt_wct=3 smb_vwv[ 0]=17772 (0x456C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.628795, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.628880, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.629005, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.629131, 3] smbd/reply.c:4848(reply_close) close fd=39 fnum=17772 (numopen=4) [2012/08/30 15:27:58.629309, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.629474, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153918 has kernel oplock state of 1. 
[2012/08/30 15:27:58.629619, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.629752, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c050f70 [2012/08/30 15:27:58.629914, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.630099, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x414a, type= 0x3, gen_id = 1302153918, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.630264, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 15:27:58.630397, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.630568, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript.hlp = 0 [2012/08/30 15:27:58.630753, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript.hlp [2012/08/30 15:27:58.630885, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript.hlp (numopen=3) NT_STATUS_OK [2012/08/30 15:27:58.631010, 5] smbd/files.c:482(file_free) freed files structure 17772 (4 used) [2012/08/30 15:27:58.631150, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.631239, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=16778 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.632221, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.633648, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.633911, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:58.634332, 3] smbd/process.c:1662(process_smb) Transaction 184 of length 126 (0 toread) [2012/08/30 15:27:58.634472, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.634588, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16842 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.637145, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 .s.c.r.i .p.t...h [0020] 00 6C 00 70 00 00 00 .l.p... 
[2012/08/30 15:27:58.637498, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.637639, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.637773, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/pscript.hlp [2012/08/30 15:27:58.637901, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/08/30 15:27:58.638059, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] [2012/08/30 15:27:58.638222, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] [2012/08/30 15:27:58.638371, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] [2012/08/30 15:27:58.638533, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp [2012/08/30 15:27:58.638672, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp [2012/08/30 15:27:58.638824, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp [2012/08/30 15:27:58.638959, 5] smbd/files.c:140(file_new) allocated file structure 13677, fnum = 17773 (5 used) [2012/08/30 15:27:58.639101, 
10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript.hlp hash 0x5179febe [2012/08/30 15:27:58.639226, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.hlp) returning 0744 [2012/08/30 15:27:58.639366, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.hlp, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.639530, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.639677, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.639831, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.640080, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.hlp, after mapping access_mask=0x20089 [2012/08/30 15:27:58.640226, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.640368, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04f470 [2012/08/30 15:27:58.640497, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba8:0 [2012/08/30 15:27:58.640622, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.640773, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:27:58.640940, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04f6b0 [2012/08/30 15:27:58.641100, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.hlp [2012/08/30 15:27:58.641223, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.641370, 10] smbd/open.c:189(fd_open) fd_open: name 
x64/3/pscript.hlp, flags = 00 mode = 0744, fd = 39. [2012/08/30 15:27:58.641494, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) [2012/08/30 15:27:58.641639, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153919 [2012/08/30 15:27:58.641766, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript.hlp, 801:23ba8:0/1302153919, tv_sec = 503fbebe, tv_usec = 9bfed [2012/08/30 15:27:58.641909, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.642090, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.642255, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:27:58.642433, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.642570, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.642693, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.642859, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.642996, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.643153, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.643337, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, 
access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.643484, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript.hlp [2012/08/30 15:27:58.643621, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17773, open name = x64/3/pscript.hlp [2012/08/30 15:27:58.644576, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:58.644758, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:58.644915, 3] smbd/process.c:1662(process_smb) Transaction 185 of length 90 (0 toread) [2012/08/30 15:27:58.645062, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.645140, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16906 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17773 (0x456D) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:58.647842, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:58.647988, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.648112, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.648266, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:58.648408, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:58.648548, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 6D 45 01 00 ....mE.. [2012/08/30 15:27:58.648708, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x456D] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:58.648873, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:58.649018, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.649107, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16906 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.650033, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.650620, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.650784, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.650931, 3] smbd/process.c:1662(process_smb) Transaction 186 of length 76 (0 toread) [2012/08/30 15:27:58.651059, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.651149, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16970 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 
7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.653106, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6D 45 ED 03 ...mE.. [2012/08/30 15:27:58.653289, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.653443, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.653598, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:58.653856, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.654044, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.654208, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 15:27:58.654376, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1005 call=7 total_data=0 [2012/08/30 15:27:58.654506, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1005 max_data=24 [2012/08/30 15:27:58.654644, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.654797, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.654935, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.655063, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 
15:27:58.655187, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:58.655326, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:58.655472, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.655559, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=16970 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:58.657220, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 B6 65 00 ........ ......e. [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2012/08/30 15:27:58.658073, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.658222, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.658389, 3] smbd/process.c:1662(process_smb) Transaction 187 of length 76 (0 toread) [2012/08/30 15:27:58.658512, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.658575, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17034 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.660494, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6D 45 EC 03 ...mE.. 
[2012/08/30 15:27:58.660628, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.660775, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.660906, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.661053, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.661211, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.661350, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 15:27:58.661503, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.661628, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1004 max_data=40 [2012/08/30 15:27:58.661779, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.661961, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.662101, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.662255, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.662415, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:58.662864, 9] 
smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.662987, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.663133, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.663211, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17034 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.664822, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ [0010] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:58.666094, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.666278, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.666403, 3] smbd/process.c:1662(process_smb) Transaction 188 of length 76 (0 toread) [2012/08/30 15:27:58.666550, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.666629, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17098 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.668592, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6D 45 FE 03 ...mE.. [2012/08/30 15:27:58.668744, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.668882, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.669009, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:58.669302, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.669486, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.669613, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe 
[2012/08/30 15:27:58.669905, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1022 call=7 total_data=0 [2012/08/30 15:27:58.670047, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1022 max_data=4094 [2012/08/30 15:27:58.670189, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.670327, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.670464, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.670592, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:58.670751, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:58.670889, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:58.671012, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.671099, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17098 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:58.672677, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 B6 65 00 ........ ......e. [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:58.674091, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.674314, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.674455, 3] smbd/process.c:1662(process_smb) Transaction 189 of length 76 (0 toread) [2012/08/30 15:27:58.674610, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.674675, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17162 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.676783, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6D 45 EC 03 ...mE.. [2012/08/30 15:27:58.676936, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.677069, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.677202, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.677345, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.677521, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:27:58.677719, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 
15:27:58.677849, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.677989, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1004 max_data=40 [2012/08/30 15:27:58.678113, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/08/30 15:27:58.678281, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.678406, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.678548, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.678689, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:58.679118, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.679260, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.679413, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.679477, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17162 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.681189, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ [0010] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:58.683364, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:58.683680, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:58.683823, 3] smbd/process.c:1662(process_smb) Transaction 190 of length 74 (0 toread) [2012/08/30 15:27:58.683962, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.684026, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17226 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:58.686419, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:58.686596, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.686741, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.686923, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:58.687082, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:58.687232, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:58.687396, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:58.687566, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.687639, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17226 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:58.689399, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:58.689779, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:58.691384, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.691587, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.691741, 3] smbd/process.c:1662(process_smb) Transaction 191 of length 63 (0 toread) [2012/08/30 15:27:58.691956, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.692036, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=17290 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17773 (0x456D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=26038 (0x65B6) smb_vwv[ 6]=26038 (0x65B6) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=26038 (0x65B6) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.694243, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.694338, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.694466, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.694629, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.hlp [2012/08/30 15:27:58.694757, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=26038 unlocked for fnum 17773 file x64/3/pscript.hlp [2012/08/30 15:27:58.694944, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/pscript.hlp): pos = 0, size = 26038, returned 26038 [2012/08/30 15:27:58.695079, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17773 max=26038 nread=26038 [2012/08/30 15:27:58.703731, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.703951, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.704074, 3] smbd/process.c:1662(process_smb) Transaction 192 of length 122 (0 toread) [2012/08/30 15:27:58.704205, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.704273, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17354 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:58.705996, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 .c.r.i.p .t...n.t [0030] 00 66 00 00 00 .f... 
[2012/08/30 15:27:58.706521, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.706644, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.706789, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.706954, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/08/30 15:27:58.707083, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/PSCRIPT.NTF] [2012/08/30 15:27:58.707204, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:58.707330, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/pscript.ntf, dirpath = x64/3, start = pscript.ntf [2012/08/30 15:27:58.707575, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c051000:size 11) X64/3/PSCRIPT.NTF -> x64/3/pscript.ntf [2012/08/30 15:27:58.707706, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/pscript.ntf -> x64/3/pscript.ntf [2012/08/30 15:27:58.707841, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] [2012/08/30 15:27:58.707974, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] [2012/08/30 15:27:58.708094, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf [2012/08/30 15:27:58.708231, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript.ntf [2012/08/30 15:27:58.708618, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.708743, 3] smbd/vfs.c:905(check_reduced_name) 
check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.709392, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.709594, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.709751, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.709876, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript.ntf, attr = 22 [2012/08/30 15:27:58.710001, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.710189, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c02dd90 now at offset -1 [2012/08/30 15:27:58.710314, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.710436, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.710575, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.710759, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.710884, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript.ntf] found x64/3/pscript.ntf fname=pscript.ntf (pscript.ntf) [2012/08/30 15:27:58.711016, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.711138, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.711298, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.711434, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.711648, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, 
useable_space = 131010 [2012/08/30 15:27:58.711787, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:58.711908, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.711970, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17354 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:58.713706, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 [0020] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. [0030] CB E3 86 CD 01 C4 2E 10 00 00 00 00 00 00 00 20 ........ ....... [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 00 66 .r.i.p.t ...n.t.f [0080] 00 . 
[2012/08/30 15:27:58.719339, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript.ntf directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.720380, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:58.720566, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:58.720718, 3] smbd/process.c:1662(process_smb) Transaction 193 of length 122 (0 toread) [2012/08/30 15:27:58.720878, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.720966, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17418 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:58.722840, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 .c.r.i.p .t...n.t [0030] 00 66 00 00 00 .f... 
[2012/08/30 15:27:58.723214, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.723361, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.723506, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:58.723666, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/08/30 15:27:58.723882, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] [2012/08/30 15:27:58.724011, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] [2012/08/30 15:27:58.724143, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] [2012/08/30 15:27:58.724263, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf [2012/08/30 15:27:58.724398, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript.ntf [2012/08/30 15:27:58.724537, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:58.724712, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:58.724851, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:58.724992, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:58.725137, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:58.725257, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript.ntf, attr = 22 
[2012/08/30 15:27:58.725404, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:58.725541, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c028850 now at offset -1 [2012/08/30 15:27:58.725678, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.725799, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.725937, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.726082, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:58.726217, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript.ntf] found x64/3/pscript.ntf fname=pscript.ntf (pscript.ntf) [2012/08/30 15:27:58.726356, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:58.726503, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:58.726632, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:58.726761, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:58.726920, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/08/30 15:27:58.727044, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:58.727207, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.727271, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17418 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:58.728973, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 [0020] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. [0030] CB E3 86 CD 01 C4 2E 10 00 00 00 00 00 00 00 20 ........ ....... [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c [0070] 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 00 66 .r.i.p.t ...n.t.f [0080] 00 . [2012/08/30 15:27:58.730091, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript.ntf directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:58.732339, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.732549, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/08/30 15:27:58.732693, 3] smbd/process.c:1662(process_smb) Transaction 194 of length 126 (0 toread) [2012/08/30 15:27:58.732828, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.732907, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17482 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) 
smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.735390, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E .s.c.r.i .p.t...n [0020] 00 74 00 66 00 00 00 .t.f... [2012/08/30 15:27:58.735693, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.735831, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.735972, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/pscript.ntf [2012/08/30 15:27:58.736130, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/08/30 15:27:58.736279, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] [2012/08/30 15:27:58.736407, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] [2012/08/30 15:27:58.736571, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] [2012/08/30 15:27:58.736692, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf [2012/08/30 15:27:58.736814, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf [2012/08/30 15:27:58.736939, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, 
create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf [2012/08/30 15:27:58.737083, 5] smbd/files.c:140(file_new) allocated file structure 13678, fnum = 17774 (6 used) [2012/08/30 15:27:58.737209, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript.ntf hash 0x7d40e663 [2012/08/30 15:27:58.737332, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.ntf) returning 0744 [2012/08/30 15:27:58.737468, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.ntf, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.737592, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.737729, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.737873, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.737995, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.ntf, after mapping access_mask=0x20089 [2012/08/30 15:27:58.738130, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.738304, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0514e0 [2012/08/30 15:27:58.738425, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba9:0 [2012/08/30 15:27:58.738590, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.738746, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.738887, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c051720 [2012/08/30 15:27:58.739034, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 
on file x64/3/pscript.ntf [2012/08/30 15:27:58.739213, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.739359, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/pscript.ntf, flags = 00 mode = 0744, fd = 40. [2012/08/30 15:27:58.739488, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) [2012/08/30 15:27:58.739689, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153920 [2012/08/30 15:27:58.739835, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript.ntf, 801:23ba9:0/1302153920, tv_sec = 503fbebe, tv_usec = b3f39 [2012/08/30 15:27:58.739967, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.740120, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.740249, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.740536, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.740668, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.740813, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.740951, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.741075, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.741208, 10] locking/locking.c:663(parse_share_modes) 
parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.741351, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.741504, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript.ntf [2012/08/30 15:27:58.741659, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17774, open name = x64/3/pscript.ntf [2012/08/30 15:27:58.743172, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.743383, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.743589, 3] smbd/process.c:1662(process_smb) Transaction 195 of length 76 (0 toread) [2012/08/30 15:27:58.743740, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.743814, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17546 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.746046, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 6E 45 EE 03 ...nE.. 
[2012/08/30 15:27:58.746244, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.746410, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.746573, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:58.747264, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.747477, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.747653, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 15:27:58.747803, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17774) level=1006 call=7 total_data=0 [2012/08/30 15:27:58.747943, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17774) level=1006 max_data=8 [2012/08/30 15:27:58.748124, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.748280, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.748404, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.748546, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:58.748709, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:58.748838, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, 
datasize = 8 [2012/08/30 15:27:58.749328, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.749411, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17546 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:58.751250, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 A9 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:58.753260, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.753454, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.753597, 3] smbd/process.c:1662(process_smb) Transaction 196 of length 63 (0 toread) [2012/08/30 15:27:58.753748, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.753828, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=17610 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17774 (0x456E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.755783, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.755857, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.755981, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.756109, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.756233, 10] locking/locking.c:163(strict_lock_default) 
strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17774 file x64/3/pscript.ntf [2012/08/30 15:27:58.756387, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:58.756527, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17774 max=4096 nread=4096 [2012/08/30 15:27:58.760461, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.760715, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.760863, 3] smbd/process.c:1662(process_smb) Transaction 197 of length 45 (0 toread) [2012/08/30 15:27:58.760993, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.761055, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=17674 smt_wct=3 smb_vwv[ 0]=17774 (0x456E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.762243, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.762329, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.762475, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.762633, 3] smbd/reply.c:4848(reply_close) close fd=40 fnum=17774 (numopen=5) [2012/08/30 15:27:58.762779, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.762926, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153920 has kernel oplock state of 1. 
[2012/08/30 15:27:58.763070, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.763216, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c052fe0 [2012/08/30 15:27:58.763367, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.763591, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.763730, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 15:27:58.763876, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.764021, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript.ntf = 0 [2012/08/30 15:27:58.764147, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript.ntf [2012/08/30 15:27:58.764305, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript.ntf (numopen=4) NT_STATUS_OK [2012/08/30 15:27:58.764430, 5] smbd/files.c:482(file_free) freed files structure 17774 (5 used) [2012/08/30 15:27:58.764570, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.764642, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=17674 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.765619, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.766622, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.766801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:58.766925, 3] smbd/process.c:1662(process_smb) Transaction 198 of length 126 (0 toread) [2012/08/30 15:27:58.767070, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.767139, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17738 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.769645, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E .s.c.r.i .p.t...n [0020] 00 74 00 66 00 00 00 .t.f... 
[2012/08/30 15:27:58.769992, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.770158, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.770296, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/pscript.ntf [2012/08/30 15:27:58.770444, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/08/30 15:27:58.770586, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] [2012/08/30 15:27:58.770730, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] [2012/08/30 15:27:58.770879, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] [2012/08/30 15:27:58.771001, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf [2012/08/30 15:27:58.771123, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf [2012/08/30 15:27:58.771280, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf [2012/08/30 15:27:58.771436, 5] smbd/files.c:140(file_new) allocated file structure 13679, fnum = 17775 (6 used) [2012/08/30 15:27:58.771638, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript.ntf hash 0x7d40e663 [2012/08/30 15:27:58.771778, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.ntf) returning 0744 [2012/08/30 15:27:58.771916, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.ntf, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.772052, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.772194, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.772318, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.772456, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.ntf, after mapping access_mask=0x20089 [2012/08/30 15:27:58.772600, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.772731, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0514e0 [2012/08/30 15:27:58.772852, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba9:0 [2012/08/30 15:27:58.772992, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.773158, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.773306, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c051720 [2012/08/30 15:27:58.773463, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.ntf [2012/08/30 15:27:58.773601, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.773743, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/pscript.ntf, 
flags = 00 mode = 0744, fd = 40. [2012/08/30 15:27:58.773880, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) [2012/08/30 15:27:58.774023, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153921 [2012/08/30 15:27:58.774157, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript.ntf, 801:23ba9:0/1302153921, tv_sec = 503fbebe, tv_usec = bc56a [2012/08/30 15:27:58.774300, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.774455, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x454a, type= 0x3, gen_id = 1302153921, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.774581, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.774739, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.774875, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.774999, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.775149, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.775286, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.775414, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.775564, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x454a, type= 0x3, gen_id = 1302153921, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.775706, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript.ntf [2012/08/30 15:27:58.775838, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17775, open name = x64/3/pscript.ntf [2012/08/30 15:27:58.776871, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:58.777053, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:58.777190, 3] smbd/process.c:1662(process_smb) Transaction 199 of length 45 (0 toread) [2012/08/30 15:27:58.777314, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.777387, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=17802 smt_wct=3 smb_vwv[ 0]=17775 (0x456F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:58.778689, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.778755, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.778900, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.779028, 3] smbd/reply.c:4848(reply_close) close fd=40 fnum=17775 (numopen=5) [2012/08/30 15:27:58.779192, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:58.779354, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153921 has kernel oplock state of 1. 
[2012/08/30 15:27:58.779561, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.779713, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c052fe0 [2012/08/30 15:27:58.779836, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.779985, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x454a, type= 0x3, gen_id = 1302153921, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.780135, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 15:27:58.780290, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.780441, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript.ntf = 0 [2012/08/30 15:27:58.780566, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript.ntf [2012/08/30 15:27:58.780723, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript.ntf (numopen=4) NT_STATUS_OK [2012/08/30 15:27:58.780848, 5] smbd/files.c:482(file_free) freed files structure 17775 (5 used) [2012/08/30 15:27:58.780988, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.781061, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=17802 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.782157, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.782347, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:58.782511, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:58.782632, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:58.783017, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:58.783186, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:58.783329, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/08/30 15:27:58.783454, 3] smbd/process.c:1662(process_smb) Transaction 200 of length 126 (0 toread) [2012/08/30 15:27:58.783636, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.783726, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17866 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:58.786421, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E .s.c.r.i .p.t...n [0020] 00 74 00 66 00 00 00 .t.f... 
[2012/08/30 15:27:58.786732, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.786881, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:58.787007, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:58.790580, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 
supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:58.791090, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:58.791238, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/pscript.ntf [2012/08/30 15:27:58.791381, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/08/30 15:27:58.791573, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] [2012/08/30 15:27:58.791715, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] [2012/08/30 15:27:58.791881, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] [2012/08/30 15:27:58.792145, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf [2012/08/30 15:27:58.792286, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf [2012/08/30 15:27:58.792429, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf [2012/08/30 15:27:58.792603, 5] smbd/files.c:140(file_new) allocated file structure 13680, fnum = 17776 (6 used) [2012/08/30 15:27:58.792760, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/pscript.ntf hash 0x7d40e663 [2012/08/30 15:27:58.792899, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.ntf) returning 0744 [2012/08/30 15:27:58.793038, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.ntf, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:58.793189, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.793329, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.793467, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.793593, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/pscript.ntf, after mapping access_mask=0x20089 [2012/08/30 15:27:58.793786, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.793938, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c051540 [2012/08/30 15:27:58.794135, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23ba9:0 [2012/08/30 15:27:58.794270, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.794422, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:27:58.794550, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c051780 [2012/08/30 15:27:58.794689, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.ntf [2012/08/30 15:27:58.794826, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:58.794982, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/pscript.ntf, 
flags = 00 mode = 0744, fd = 40. [2012/08/30 15:27:58.795113, 2] smbd/open.c:704(open_file) administrator opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) [2012/08/30 15:27:58.795239, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153922 [2012/08/30 15:27:58.795405, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript.ntf, 801:23ba9:0/1302153922, tv_sec = 503fbebe, tv_usec = c181a [2012/08/30 15:27:58.795581, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:58.795742, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.795884, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:27:58.796053, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:58.796196, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:58.796317, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.796455, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.796592, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.796764, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.796919, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 
0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.797065, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/pscript.ntf [2012/08/30 15:27:58.797196, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17776, open name = x64/3/pscript.ntf [2012/08/30 15:27:58.798517, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:58.798686, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:58.798810, 3] smbd/process.c:1662(process_smb) Transaction 201 of length 90 (0 toread) [2012/08/30 15:27:58.798957, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.799040, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17930 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17776 (0x4570) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:58.801419, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:58.801736, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.801880, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.802020, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:58.802154, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:58.802279, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 70 45 01 00 ....pE.. [2012/08/30 15:27:58.802436, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x4570] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:58.802575, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:58.802704, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.802783, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17930 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:58.803748, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.804339, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.804474, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.804594, 3] smbd/process.c:1662(process_smb) Transaction 202 of length 76 (0 toread) [2012/08/30 15:27:58.804730, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.804808, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17994 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 
7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.806771, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 70 45 ED 03 ...pE.. [2012/08/30 15:27:58.806935, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.807065, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.807215, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:58.807384, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.807563, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.807729, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 15:27:58.807873, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1005 call=7 total_data=0 [2012/08/30 15:27:58.807998, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1005 max_data=24 [2012/08/30 15:27:58.808136, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.808287, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.808408, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.808550, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 
15:27:58.808705, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:58.808826, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:58.808979, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.809042, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=17994 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:58.810655, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 20 00 00 00 00 00 C4 2E 10 ....... ........ [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2012/08/30 15:27:58.812851, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.813097, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.813225, 3] smbd/process.c:1662(process_smb) Transaction 203 of length 76 (0 toread) [2012/08/30 15:27:58.813366, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.813449, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18058 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.815564, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 70 45 EC 03 ...pE.. 
[2012/08/30 15:27:58.815743, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.815869, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.815997, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.816182, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.816327, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.816492, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 15:27:58.816659, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.816790, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1004 max_data=40 [2012/08/30 15:27:58.816928, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.817069, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.817200, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.817347, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.817469, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:58.818033, 9] 
smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.818163, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.818314, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.818394, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18058 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.820091, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 [0010] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:58.821568, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.821726, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.821869, 3] smbd/process.c:1662(process_smb) Transaction 204 of length 76 (0 toread) [2012/08/30 15:27:58.822020, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.822084, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18122 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.824084, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 70 45 FE 03 ...pE.. [2012/08/30 15:27:58.824240, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.824399, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.824542, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:58.824722, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.824865, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.824990, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 
[2012/08/30 15:27:58.825137, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1022 call=7 total_data=0 [2012/08/30 15:27:58.825268, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1022 max_data=4094 [2012/08/30 15:27:58.825563, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.825709, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.825876, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.826010, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:58.826153, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:58.826306, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:58.826429, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.826493, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18122 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:58.828207, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 C4 2E 10 ........ ........ [0010] 00 00 00 00 00 00 00 20 00 00 00 00 00 3A 00 3A ....... .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:58.828999, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:58.829150, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:58.829274, 3] smbd/process.c:1662(process_smb) Transaction 205 of length 76 (0 toread) [2012/08/30 15:27:58.829445, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.829516, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18186 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:58.831432, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 70 45 EC 03 ...pE.. [2012/08/30 15:27:58.831625, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.831755, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.831932, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:58.832068, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:58.832241, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:27:58.832366, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 
15:27:58.832490, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1004 call=7 total_data=0 [2012/08/30 15:27:58.832644, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1004 max_data=40 [2012/08/30 15:27:58.832768, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/08/30 15:27:58.832918, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:58.833066, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:58.833213, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:58.833395, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:58.833875, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:58.834865, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:58.835019, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.835083, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18186 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:58.836709, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 [0010] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:58.838313, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:58.838534, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:58.838674, 3] smbd/process.c:1662(process_smb) Transaction 206 of length 74 (0 toread) [2012/08/30 15:27:58.838798, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.838880, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18250 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:58.841188, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:58.841369, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.841501, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.841674, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:58.841818, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:58.841969, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:58.842138, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:58.842268, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.842332, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=18250 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:58.844119, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:58.844460, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:58.845311, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.845753, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.846013, 3] smbd/process.c:1662(process_smb) Transaction 207 of length 63 (0 toread) [2012/08/30 15:27:58.846286, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.846471, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18314 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.850041, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.850141, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.850271, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.850451, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.850577, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.850740, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 0, size = 32768, returned 32768 [2012/08/30 15:27:58.850872, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.851273, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.851429, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.851718, 3] smbd/process.c:1662(process_smb) Transaction 208 of length 63 (0 toread) [2012/08/30 15:27:58.851839, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.851904, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18379 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.853574, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.853645, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.853782, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.853906, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.854060, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=32768 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.854221, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 32768, size = 32768, returned 32768 [2012/08/30 15:27:58.854343, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.854712, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.854839, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.855094, 3] smbd/process.c:1662(process_smb) Transaction 209 of length 63 (0 toread) [2012/08/30 15:27:58.855230, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.855293, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18444 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.856909, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.856973, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.857095, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.857232, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.857350, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.857492, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 65536, size = 32768, returned 32768 [2012/08/30 15:27:58.857623, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.857972, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.858100, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.858393, 3] smbd/process.c:1662(process_smb) Transaction 210 of 
length 63 (0 toread) [2012/08/30 15:27:58.858530, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.858707, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18509 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.860521, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.860587, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.860730, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.860852, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.860987, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=98304 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.861144, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 98304, size = 32768, returned 32768 [2012/08/30 15:27:58.861265, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.861625, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.861766, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.862173, 3] smbd/process.c:1662(process_smb) Transaction 211 of length 63 (0 toread) [2012/08/30 15:27:58.862297, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.862359, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 
smb_mid=18574 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 2 (0x2) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.864021, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.864103, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.864222, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.864346, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.864476, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.864623, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 131072, size = 32768, returned 32768 [2012/08/30 15:27:58.864747, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.865113, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.865359, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.865628, 3] smbd/process.c:1662(process_smb) Transaction 212 of length 63 (0 toread) [2012/08/30 15:27:58.865885, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.865957, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18639 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 2 (0x2) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.867520, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.867593, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.867712, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.867851, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.867972, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=163840 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.868137, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 163840, size = 32768, returned 32768 [2012/08/30 15:27:58.868396, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.868793, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.868928, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.869049, 3] smbd/process.c:1662(process_smb) Transaction 213 of length 63 (0 toread) [2012/08/30 15:27:58.869295, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.869370, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18688 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 3 (0x3) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.871156, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.871234, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 
[2012/08/30 15:27:58.871355, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.871496, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.871698, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=196608 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.871855, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 196608, size = 32768, returned 32768 [2012/08/30 15:27:58.871985, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.872363, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.872493, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.872612, 3] smbd/process.c:1662(process_smb) Transaction 214 of length 63 (0 toread) [2012/08/30 15:27:58.872750, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.872812, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18753 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 3 (0x3) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.874552, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.874629, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.874748, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.874890, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf 
[2012/08/30 15:27:58.875011, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=229376 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.875176, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 229376, size = 32768, returned 32768 [2012/08/30 15:27:58.875302, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.876749, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.876940, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.877183, 3] smbd/process.c:1662(process_smb) Transaction 215 of length 63 (0 toread) [2012/08/30 15:27:58.877319, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.877382, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18818 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 4 (0x4) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.879296, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.879366, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.880372, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.880538, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.880669, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=262144 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.880822, 10] smbd/fileio.c:109(read_file) 
read_file (x64/3/pscript.ntf): pos = 262144, size = 32768, returned 32768 [2012/08/30 15:27:58.880960, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.881727, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.881874, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.881995, 3] smbd/process.c:1662(process_smb) Transaction 216 of length 63 (0 toread) [2012/08/30 15:27:58.882144, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.882208, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18883 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 4 (0x4) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.888217, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.888293, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.888543, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.888679, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.888816, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=294912 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.888965, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 294912, size = 32768, returned 32768 [2012/08/30 15:27:58.889087, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.889611, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.889922, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.890067, 3] smbd/process.c:1662(process_smb) Transaction 217 of length 63 (0 toread) [2012/08/30 15:27:58.890198, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.890266, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=18948 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 5 (0x5) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.893001, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.893088, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.893258, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.893387, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.893530, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=327680 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.893704, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 327680, size = 32768, returned 32768 [2012/08/30 15:27:58.893831, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.894704, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.894873, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.894993, 3] smbd/process.c:1662(process_smb) Transaction 218 of 
length 63 (0 toread) [2012/08/30 15:27:58.895115, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.895177, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19013 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 5 (0x5) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.896712, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.896776, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.896912, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.897034, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.897156, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=360448 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.897301, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 360448, size = 32768, returned 32768 [2012/08/30 15:27:58.897576, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.901259, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.901467, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.901601, 3] smbd/process.c:1662(process_smb) Transaction 219 of length 63 (0 toread) [2012/08/30 15:27:58.901737, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.901799, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 
smb_mid=19078 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.903353, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.903427, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.903647, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.903889, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.904013, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=393216 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.904168, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 393216, size = 32768, returned 32768 [2012/08/30 15:27:58.904296, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.905104, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.905265, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.906239, 3] smbd/process.c:1662(process_smb) Transaction 220 of length 63 (0 toread) [2012/08/30 15:27:58.906615, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.906687, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19143 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.908387, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.908457, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.908619, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.908762, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.909137, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=425984 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.909352, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 425984, size = 32768, returned 32768 [2012/08/30 15:27:58.909502, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.909911, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.910250, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.910399, 3] smbd/process.c:1662(process_smb) Transaction 221 of length 63 (0 toread) [2012/08/30 15:27:58.910531, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.910596, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19208 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 7 (0x7) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.914650, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.914752, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 
[2012/08/30 15:27:58.914918, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.915079, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.915229, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=458752 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.915416, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 458752, size = 32768, returned 32768 [2012/08/30 15:27:58.915577, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.916245, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.916411, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.916552, 3] smbd/process.c:1662(process_smb) Transaction 222 of length 63 (0 toread) [2012/08/30 15:27:58.916691, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.916757, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19273 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 7 (0x7) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.918795, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.918865, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.918990, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.919119, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf 
[2012/08/30 15:27:58.919240, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=491520 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.919428, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 491520, size = 32768, returned 32768 [2012/08/30 15:27:58.919621, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.921426, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.921593, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.921731, 3] smbd/process.c:1662(process_smb) Transaction 223 of length 63 (0 toread) [2012/08/30 15:27:58.921855, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.922078, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19338 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.923818, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.923903, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.924024, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.924168, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.924335, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=524288 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.924490, 10] smbd/fileio.c:109(read_file) 
read_file (x64/3/pscript.ntf): pos = 524288, size = 32768, returned 32768 [2012/08/30 15:27:58.924626, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.925004, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.925167, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.925428, 3] smbd/process.c:1662(process_smb) Transaction 224 of length 63 (0 toread) [2012/08/30 15:27:58.925568, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.925658, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19403 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.927593, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.927661, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.927782, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.927925, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.928090, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=557056 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.928241, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 557056, size = 32768, returned 32768 [2012/08/30 15:27:58.928383, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.928763, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.929063, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.929211, 3] smbd/process.c:1662(process_smb) Transaction 225 of length 63 (0 toread) [2012/08/30 15:27:58.929351, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.929415, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19468 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 9 (0x9) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.931170, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.931242, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.931363, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.931559, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.931700, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=589824 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.931850, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 589824, size = 32768, returned 32768 [2012/08/30 15:27:58.931992, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.932366, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.932651, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.933095, 3] smbd/process.c:1662(process_smb) Transaction 226 of 
length 63 (0 toread) [2012/08/30 15:27:58.933241, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.933306, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19533 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 9 (0x9) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.935150, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.935224, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.935351, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.935482, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.935641, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=622592 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.935803, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 622592, size = 32768, returned 32768 [2012/08/30 15:27:58.935949, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.937519, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.937683, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.937944, 3] smbd/process.c:1662(process_smb) Transaction 227 of length 63 (0 toread) [2012/08/30 15:27:58.938065, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.938154, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 
smb_mid=19598 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 10 (0xA) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.939869, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.939936, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.940074, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.940230, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.940355, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=655360 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.940496, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 655360, size = 32768, returned 32768 [2012/08/30 15:27:58.940749, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.942124, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.942299, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.942458, 3] smbd/process.c:1662(process_smb) Transaction 228 of length 63 (0 toread) [2012/08/30 15:27:58.942595, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.942659, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19663 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 10 (0xA) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.944432, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.944500, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.944633, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.944766, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.944889, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=688128 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.945056, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 688128, size = 32768, returned 32768 [2012/08/30 15:27:58.945198, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.949963, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.950221, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.950344, 3] smbd/process.c:1662(process_smb) Transaction 229 of length 63 (0 toread) [2012/08/30 15:27:58.950498, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.950560, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19713 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 11 (0xB) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.952330, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.952411, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 
[2012/08/30 15:27:58.952550, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.952679, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.952813, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=720896 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.952981, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 720896, size = 32768, returned 32768 [2012/08/30 15:27:58.953138, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.953861, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.954058, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.954189, 3] smbd/process.c:1662(process_smb) Transaction 230 of length 63 (0 toread) [2012/08/30 15:27:58.954337, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.954416, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19776 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 11 (0xB) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.956116, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.956184, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.956305, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.956461, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf 
[2012/08/30 15:27:58.956620, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=753664 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.956796, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 753664, size = 32768, returned 32768 [2012/08/30 15:27:58.956949, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.957326, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.957472, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.957603, 3] smbd/process.c:1662(process_smb) Transaction 231 of length 63 (0 toread) [2012/08/30 15:27:58.957750, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.957834, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19842 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 12 (0xC) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.959775, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.959843, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.959980, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.960120, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.960258, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=786432 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.960415, 10] smbd/fileio.c:109(read_file) 
read_file (x64/3/pscript.ntf): pos = 786432, size = 32768, returned 32768 [2012/08/30 15:27:58.960542, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.960896, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.961026, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.961165, 3] smbd/process.c:1662(process_smb) Transaction 232 of length 63 (0 toread) [2012/08/30 15:27:58.961303, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.961377, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19907 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 12 (0xC) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.963233, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.963325, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.963454, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.963633, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.963771, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=819200 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.963934, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 819200, size = 32768, returned 32768 [2012/08/30 15:27:58.964085, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:58.964434, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:58.964570, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:58.964805, 3] smbd/process.c:1662(process_smb) Transaction 233 of length 63 (0 toread) [2012/08/30 15:27:58.964967, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:58.965037, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=19972 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 13 (0xD) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:58.966820, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:58.966888, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:58.967026, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:58.967176, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:58.967313, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=851968 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:58.967473, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 851968, size = 32768, returned 32768 [2012/08/30 15:27:58.967638, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:59.212956, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.213164, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.213288, 3] smbd/process.c:1662(process_smb) Transaction 234 of 
length 63 (0 toread) [2012/08/30 15:27:59.213406, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.213468, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20037 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 13 (0xD) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.215252, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.215328, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.215467, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.215640, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:59.215784, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=884736 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:59.215956, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 884736, size = 32768, returned 32768 [2012/08/30 15:27:59.216100, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:59.216567, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.216721, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.216858, 3] smbd/process.c:1662(process_smb) Transaction 235 of length 63 (0 toread) [2012/08/30 15:27:59.217005, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.217091, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 
smb_mid=20102 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 14 (0xE) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.218850, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.218924, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.219062, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.219202, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:59.219339, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=917504 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:59.219497, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 917504, size = 32768, returned 32768 [2012/08/30 15:27:59.219637, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:59.219802, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.219943, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.220080, 3] smbd/process.c:1662(process_smb) Transaction 236 of length 63 (0 toread) [2012/08/30 15:27:59.220217, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.220289, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20167 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 14 (0xE) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 
9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.222163, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.222236, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.222373, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.222537, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:59.222677, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=950272 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:59.222972, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 950272, size = 32768, returned 32768 [2012/08/30 15:27:59.223559, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:59.223837, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.223979, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.224117, 3] smbd/process.c:1662(process_smb) Transaction 237 of length 63 (0 toread) [2012/08/30 15:27:59.224254, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.224326, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20232 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 15 (0xF) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.226638, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.226711, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 
[2012/08/30 15:27:59.226833, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.226957, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:59.227077, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=983040 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:59.227223, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 983040, size = 32768, returned 32768 [2012/08/30 15:27:59.227346, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:59.227919, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.228172, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.228302, 3] smbd/process.c:1662(process_smb) Transaction 238 of length 63 (0 toread) [2012/08/30 15:27:59.228422, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.228484, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20297 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]=32768 (0x8000) smb_vwv[ 4]= 15 (0xF) smb_vwv[ 5]=32768 (0x8000) smb_vwv[ 6]=32768 (0x8000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=32768 (0x8000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.229969, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.230041, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.230162, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.230303, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf 
[2012/08/30 15:27:59.230424, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=1015808 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:59.230571, 10] smbd/fileio.c:109(read_file) read_file (x64/3/pscript.ntf): pos = 1015808, size = 32768, returned 32768 [2012/08/30 15:27:59.230694, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=32768 nread=32768 [2012/08/30 15:27:59.231054, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.231181, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.231301, 3] smbd/process.c:1662(process_smb) Transaction 239 of length 63 (0 toread) [2012/08/30 15:27:59.231549, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.231640, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20362 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17776 (0x4570) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 16 (0x10) smb_vwv[ 5]=11972 (0x2EC4) smb_vwv[ 6]=11972 (0x2EC4) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=11972 (0x2EC4) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.233106, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.233172, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.233291, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.233422, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf [2012/08/30 15:27:59.233541, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=1048576 len=11972 unlocked for fnum 17776 file x64/3/pscript.ntf [2012/08/30 15:27:59.233821, 10] smbd/fileio.c:109(read_file) 
read_file (x64/3/pscript.ntf): pos = 1048576, size = 11972, returned 11972 [2012/08/30 15:27:59.233944, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17776 max=11972 nread=11972 [2012/08/30 15:27:59.237517, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 114 [2012/08/30 15:27:59.237777, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2012/08/30 15:27:59.237930, 3] smbd/process.c:1662(process_smb) Transaction 240 of length 118 (0 toread) [2012/08/30 15:27:59.238101, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.238181, 5] lib/util.c:342(show_msg) size=114 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20426 smt_wct=15 smb_vwv[ 0]= 46 (0x2E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 46 (0x2E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=49 [2012/08/30 15:27:59.240203, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u [0020] 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 00 00 .p.s.6.. .i.n.i.. [0030] 00 . 
[2012/08/30 15:27:59.240592, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.240730, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.240894, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:59.241046, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cups6.ini" [2012/08/30 15:27:59.241209, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/CUPS6.INI] [2012/08/30 15:27:59.241348, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:59.241491, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/cups6.ini, dirpath = x64/3, start = cups6.ini [2012/08/30 15:27:59.241662, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c053060:size f) X64/3/CUPS6.INI -> x64/3/cups6.ini [2012/08/30 15:27:59.241800, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/cups6.ini -> x64/3/cups6.ini [2012/08/30 15:27:59.241938, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] [2012/08/30 15:27:59.242090, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] [2012/08/30 15:27:59.242247, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini [2012/08/30 15:27:59.242384, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = cups6.ini [2012/08/30 15:27:59.242525, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:59.242662, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] 
[/var/lib/samba/printers] [2012/08/30 15:27:59.242818, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:59.242956, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:59.243251, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:59.243397, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = cups6.ini, attr = 22 [2012/08/30 15:27:59.243596, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:59.243750, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c012c20 now at offset -1 [2012/08/30 15:27:59.243892, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.244032, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.244169, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.244341, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:59.244479, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[cups6.ini] found x64/3/cups6.ini fname=cups6.ini (cups6.ini) [2012/08/30 15:27:59.244624, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:59.244778, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:59.244927, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:59.245066, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:59.245216, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 [2012/08/30 
15:27:59.245356, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 [2012/08/30 15:27:59.245495, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.245743, 5] lib/util.c:342(show_msg) size=180 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20426 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=125 [2012/08/30 15:27:59.247426, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. [0010] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI [0020] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ [0030] CC E3 86 CD 01 48 00 00 00 00 00 00 00 00 00 10 .....H.. ........ [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p [0070] 00 73 00 36 00 2E 00 69 00 6E 00 69 00 .s.6...i .n.i. 
[2012/08/30 15:27:59.248466, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=cups6.ini directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:59.251567, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 114 [2012/08/30 15:27:59.251746, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2012/08/30 15:27:59.251866, 3] smbd/process.c:1662(process_smb) Transaction 241 of length 118 (0 toread) [2012/08/30 15:27:59.251985, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.252046, 5] lib/util.c:342(show_msg) size=114 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20490 smt_wct=15 smb_vwv[ 0]= 46 (0x2E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 46 (0x2E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=49 [2012/08/30 15:27:59.253680, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u [0020] 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 00 00 .p.s.6.. .i.n.i.. [0030] 00 . 
[2012/08/30 15:27:59.254030, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.254149, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.254274, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:59.254401, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cups6.ini" [2012/08/30 15:27:59.254524, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] [2012/08/30 15:27:59.254652, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] [2012/08/30 15:27:59.254781, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] [2012/08/30 15:27:59.254898, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini [2012/08/30 15:27:59.255016, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = cups6.ini [2012/08/30 15:27:59.255134, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:59.255251, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:59.255377, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:59.255519, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:59.255656, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:59.255773, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = cups6.ini, attr = 22 [2012/08/30 
15:27:59.255890, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:59.256017, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 [2012/08/30 15:27:59.257051, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.257176, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.257295, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.257427, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:59.257696, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[cups6.ini] found x64/3/cups6.ini fname=cups6.ini (cups6.ini) [2012/08/30 15:27:59.257820, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:59.257958, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:59.258088, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:59.258214, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:59.258342, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 [2012/08/30 15:27:59.258460, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 [2012/08/30 15:27:59.258578, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.258639, 5] lib/util.c:342(show_msg) size=180 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20490 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 
7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=125 [2012/08/30 15:27:59.260010, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. [0010] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI [0020] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ [0030] CC E3 86 CD 01 48 00 00 00 00 00 00 00 00 00 10 .....H.. ........ [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p [0070] 00 73 00 36 00 2E 00 69 00 6E 00 69 00 .s.6...i .n.i. [2012/08/30 15:27:59.260759, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=cups6.ini directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:59.262439, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.262594, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:59.262714, 3] smbd/process.c:1662(process_smb) Transaction 242 of length 122 (0 toread) [2012/08/30 15:27:59.262853, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.262915, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20554 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/08/30 
15:27:59.265090, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 .u.p.s.6 ...i.n.i [0020] 00 00 00 ... [2012/08/30 15:27:59.265405, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.265527, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.265650, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/cups6.ini [2012/08/30 15:27:59.265775, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cups6.ini" [2012/08/30 15:27:59.265898, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] [2012/08/30 15:27:59.266050, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] [2012/08/30 15:27:59.266180, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] [2012/08/30 15:27:59.266297, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini [2012/08/30 15:27:59.266415, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini [2012/08/30 15:27:59.266538, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 
0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini [2012/08/30 15:27:59.266663, 5] smbd/files.c:140(file_new) allocated file structure 13681, fnum = 17777 (7 used) [2012/08/30 15:27:59.266813, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cups6.ini hash 0x3d0916cb [2012/08/30 15:27:59.266933, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cups6.ini) returning 0744 [2012/08/30 15:27:59.267051, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cups6.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.267173, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.267291, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.267409, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.267570, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cups6.ini, after mapping access_mask=0x20089 [2012/08/30 15:27:59.267706, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.267832, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0534b0 [2012/08/30 15:27:59.267949, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23baa:0 [2012/08/30 15:27:59.268069, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.268200, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.268323, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0536f0 [2012/08/30 15:27:59.268442, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cups6.ini [2012/08/30 15:27:59.268560, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file 
with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.268686, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cups6.ini, flags = 00 mode = 0744, fd = 41. [2012/08/30 15:27:59.268804, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cups6.ini read=Yes write=No (numopen=6) [2012/08/30 15:27:59.268929, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153923 [2012/08/30 15:27:59.269050, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cups6.ini, 801:23baa:0/1302153923, tv_sec = 503fbebf, tv_usec = 411a5 [2012/08/30 15:27:59.269176, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.269472, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.269603, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.269730, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.269847, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.269965, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.270085, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.270202, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.270328, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 
15:27:59.270463, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.270590, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cups6.ini [2012/08/30 15:27:59.270709, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17777, open name = x64/3/cups6.ini [2012/08/30 15:27:59.271378, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.271573, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.271703, 3] smbd/process.c:1662(process_smb) Transaction 243 of length 76 (0 toread) [2012/08/30 15:27:59.271820, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.271881, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20618 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.273564, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 71 45 EE 03 ...qE.. 
[2012/08/30 15:27:59.273698, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.273817, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.273938, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:59.274091, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.274230, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.274350, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 15:27:59.274471, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17777) level=1006 call=7 total_data=0 [2012/08/30 15:27:59.274591, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17777) level=1006 max_data=8 [2012/08/30 15:27:59.274712, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.274841, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.274978, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.275101, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:59.275221, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:59.275340, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 
8 [2012/08/30 15:27:59.275458, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.275562, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20618 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:59.276983, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 AA 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:59.287308, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.288425, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.288560, 3] smbd/process.c:1662(process_smb) Transaction 244 of length 63 (0 toread) [2012/08/30 15:27:59.289775, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.290570, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20682 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17777 (0x4571) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 72 (0x48) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 72 (0x48) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.293649, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.293717, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.293932, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.294079, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/cups6.ini [2012/08/30 15:27:59.294202, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = 
WINDOWS_LOCK brl start=0 len=72 unlocked for fnum 17777 file x64/3/cups6.ini [2012/08/30 15:27:59.294336, 10] smbd/fileio.c:109(read_file) read_file (x64/3/cups6.ini): pos = 0, size = 72, returned 72 [2012/08/30 15:27:59.294457, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17777 max=72 nread=72 [2012/08/30 15:27:59.297660, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:59.297874, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:59.297998, 3] smbd/process.c:1662(process_smb) Transaction 245 of length 45 (0 toread) [2012/08/30 15:27:59.298117, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.298179, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20746 smt_wct=3 smb_vwv[ 0]=17777 (0x4571) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:59.299168, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.299234, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.299354, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.299486, 3] smbd/reply.c:4848(reply_close) close fd=41 fnum=17777 (numopen=6) [2012/08/30 15:27:59.299794, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:59.299936, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153923 has kernel oplock state of 1. 
[2012/08/30 15:27:59.300082, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.300220, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c055040 [2012/08/30 15:27:59.300338, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.300497, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.300619, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 15:27:59.300740, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.300867, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cups6.ini = 0 [2012/08/30 15:27:59.300990, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cups6.ini [2012/08/30 15:27:59.301117, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cups6.ini (numopen=5) NT_STATUS_OK [2012/08/30 15:27:59.301255, 5] smbd/files.c:482(file_free) freed files structure 17777 (6 used) [2012/08/30 15:27:59.301400, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.301462, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20746 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.302235, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.302983, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.303274, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 
0x76 [2012/08/30 15:27:59.303399, 3] smbd/process.c:1662(process_smb) Transaction 246 of length 122 (0 toread) [2012/08/30 15:27:59.303575, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.303652, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20810 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/08/30 15:27:59.306438, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 .u.p.s.6 ...i.n.i [0020] 00 00 00 ... 
[2012/08/30 15:27:59.306717, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.306838, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.306998, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/cups6.ini [2012/08/30 15:27:59.307123, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cups6.ini" [2012/08/30 15:27:59.307264, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] [2012/08/30 15:27:59.307392, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] [2012/08/30 15:27:59.307545, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] [2012/08/30 15:27:59.307731, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini [2012/08/30 15:27:59.307853, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini [2012/08/30 15:27:59.307978, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini [2012/08/30 15:27:59.308103, 5] smbd/files.c:140(file_new) allocated file structure 13682, fnum = 17778 (7 used) [2012/08/30 15:27:59.308228, 10] smbd/files.c:705(file_name_hash) 
file_name_hash: /var/lib/samba/printers/x64/3/cups6.ini hash 0x3d0916cb [2012/08/30 15:27:59.308350, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cups6.ini) returning 0744 [2012/08/30 15:27:59.308470, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cups6.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.308615, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.308770, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.308890, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.309010, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cups6.ini, after mapping access_mask=0x20089 [2012/08/30 15:27:59.309137, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.309265, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0534b0 [2012/08/30 15:27:59.309429, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23baa:0 [2012/08/30 15:27:59.309552, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.309685, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.309807, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0536f0 [2012/08/30 15:27:59.309926, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cups6.ini [2012/08/30 15:27:59.310044, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.310194, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cups6.ini, flags = 00 mode = 0744, fd = 41. 
[2012/08/30 15:27:59.310313, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cups6.ini read=Yes write=No (numopen=6) [2012/08/30 15:27:59.310436, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153924 [2012/08/30 15:27:59.310567, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cups6.ini, 801:23baa:0/1302153924, tv_sec = 503fbebf, tv_usec = 4b386 [2012/08/30 15:27:59.310692, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.310829, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x514a, type= 0x3, gen_id = 1302153924, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.310969, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.311096, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.311213, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.311331, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.311449, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.311620, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.311762, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.311897, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x514a, type= 0x3, gen_id = 
1302153924, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.312024, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cups6.ini [2012/08/30 15:27:59.312142, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17778, open name = x64/3/cups6.ini [2012/08/30 15:27:59.313324, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:59.313482, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:59.313601, 3] smbd/process.c:1662(process_smb) Transaction 247 of length 45 (0 toread) [2012/08/30 15:27:59.313719, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.313780, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20874 smt_wct=3 smb_vwv[ 0]=17778 (0x4572) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:59.314734, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.314799, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.314917, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.315054, 3] smbd/reply.c:4848(reply_close) close fd=41 fnum=17778 (numopen=6) [2012/08/30 15:27:59.315172, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:59.315306, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153924 has kernel oplock state of 1. 
[2012/08/30 15:27:59.315442, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.315621, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c055040 [2012/08/30 15:27:59.315752, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.315894, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x514a, type= 0x3, gen_id = 1302153924, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.316024, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 15:27:59.316145, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.316272, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cups6.ini = 0 [2012/08/30 15:27:59.316391, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cups6.ini [2012/08/30 15:27:59.316805, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cups6.ini (numopen=5) NT_STATUS_OK [2012/08/30 15:27:59.316927, 5] smbd/files.c:482(file_free) freed files structure 17778 (6 used) [2012/08/30 15:27:59.317047, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.317108, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=20874 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.318088, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.318883, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.319026, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 
0x76 [2012/08/30 15:27:59.319148, 3] smbd/process.c:1662(process_smb) Transaction 248 of length 122 (0 toread) [2012/08/30 15:27:59.319265, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.319326, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=20938 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/08/30 15:27:59.321602, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 .u.p.s.6 ...i.n.i [0020] 00 00 00 ... 
[2012/08/30 15:27:59.321876, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.321996, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.322120, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/cups6.ini [2012/08/30 15:27:59.322248, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cups6.ini" [2012/08/30 15:27:59.322376, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] [2012/08/30 15:27:59.322500, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] [2012/08/30 15:27:59.322630, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] [2012/08/30 15:27:59.322747, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini [2012/08/30 15:27:59.322873, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini [2012/08/30 15:27:59.322996, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini [2012/08/30 15:27:59.323120, 5] smbd/files.c:140(file_new) allocated file structure 13683, fnum = 17779 (7 used) [2012/08/30 15:27:59.323245, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cups6.ini hash 0x3d0916cb [2012/08/30 15:27:59.323365, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cups6.ini) returning 0744 [2012/08/30 15:27:59.323484, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cups6.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.324417, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.324539, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.324659, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.324799, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cups6.ini, after mapping access_mask=0x20089 [2012/08/30 15:27:59.324929, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.325055, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0534b0 [2012/08/30 15:27:59.325174, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23baa:0 [2012/08/30 15:27:59.325295, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.325429, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:27:59.325555, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0536f0 [2012/08/30 15:27:59.325675, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cups6.ini [2012/08/30 15:27:59.325793, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.325951, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cups6.ini, flags = 00 
mode = 0744, fd = 41. [2012/08/30 15:27:59.326072, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cups6.ini read=Yes write=No (numopen=6) [2012/08/30 15:27:59.326197, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153925 [2012/08/30 15:27:59.326323, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cups6.ini, 801:23baa:0/1302153925, tv_sec = 503fbebf, tv_usec = 4ee2e [2012/08/30 15:27:59.326447, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.326585, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.326709, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:27:59.326840, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.326958, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.327091, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.327250, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.327369, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.327497, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.327639, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, 
type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.327772, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cups6.ini [2012/08/30 15:27:59.327914, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17779, open name = x64/3/cups6.ini [2012/08/30 15:27:59.329127, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:59.329301, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:59.329422, 3] smbd/process.c:1662(process_smb) Transaction 249 of length 90 (0 toread) [2012/08/30 15:27:59.329543, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.329605, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21002 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17779 (0x4573) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:59.331834, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:59.331967, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.332200, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.332321, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:59.332442, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:59.332589, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 73 45 01 00 ....sE.. [2012/08/30 15:27:59.332717, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x4573] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:59.332840, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:59.332960, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.333021, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21002 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.333837, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.334437, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:59.334572, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:59.334689, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:59.334886, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:59.335017, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.335137, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 
15:27:59.335257, 3] smbd/process.c:1662(process_smb) Transaction 250 of length 76 (0 toread) [2012/08/30 15:27:59.335374, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.335436, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21066 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.337762, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 73 45 ED 03 ...sE.. [2012/08/30 15:27:59.337894, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.338053, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:59.338173, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: 
SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:59.340769, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:59.341260, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:59.341385, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:59.341697, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.341844, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.341964, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 15:27:59.342083, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1005 call=7 total_data=0 [2012/08/30 15:27:59.342203, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) 
smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1005 max_data=24 [2012/08/30 15:27:59.342322, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.342462, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.342582, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.342704, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 15:27:59.342823, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:59.342941, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:59.343058, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.343119, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21066 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:59.344549, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 48 00 00 ........ .....H.. [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
[2012/08/30 15:27:59.345285, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.345436, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.345584, 3] smbd/process.c:1662(process_smb) Transaction 251 of length 76 (0 toread) [2012/08/30 15:27:59.345713, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.345775, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21130 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.347439, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 73 45 EC 03 ...sE.. [2012/08/30 15:27:59.347615, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.347735, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.347888, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:59.348020, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.348160, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.348288, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 
15:27:59.348408, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1004 call=7 total_data=0 [2012/08/30 15:27:59.348527, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1004 max_data=40 [2012/08/30 15:27:59.348646, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.348765, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.348886, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.349008, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:59.349125, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:59.349504, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:59.349628, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:59.349763, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.349824, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21130 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:59.351168, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI [0010] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ [0020] CC E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:59.351879, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.352015, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.352139, 3] smbd/process.c:1662(process_smb) Transaction 252 of length 76 (0 toread) [2012/08/30 15:27:59.352257, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.352319, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21194 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.354124, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 73 45 FE 03 ...sE.. [2012/08/30 15:27:59.354253, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.354372, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.354492, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:59.354642, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.354803, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.354924, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb 
[2012/08/30 15:27:59.355042, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1022 call=7 total_data=0 [2012/08/30 15:27:59.355161, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1022 max_data=4094 [2012/08/30 15:27:59.355280, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.355400, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.355556, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.355689, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:59.355813, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:59.355931, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:59.356066, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.356127, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21194 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:59.357528, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 48 00 00 ........ .....H.. [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:59.358229, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.358359, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.358477, 3] smbd/process.c:1662(process_smb) Transaction 253 of length 76 (0 toread) [2012/08/30 15:27:59.358600, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.358662, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21258 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.360365, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 73 45 EC 03 ...sE.. [2012/08/30 15:27:59.360494, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.360612, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.360746, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:59.360876, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.361023, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:27:59.361143, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 
15:27:59.361264, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1004 call=7 total_data=0 [2012/08/30 15:27:59.361407, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1004 max_data=40 [2012/08/30 15:27:59.361525, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cups6.ini [2012/08/30 15:27:59.361644, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.361761, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.361885, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:59.362001, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Thu Aug 30 15:15:20 2012 access: Thu Aug 30 15:15:42 2012 write: Thu Aug 30 15:15:20 2012 change: Thu Aug 30 15:15:20 2012 mode: 20 [2012/08/30 15:27:59.362375, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:59.362493, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:59.362610, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.362688, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21258 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:59.364064, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI [0010] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ [0020] CC E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... 
[2012/08/30 15:27:59.365476, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:59.365645, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:59.365764, 3] smbd/process.c:1662(process_smb) Transaction 254 of length 74 (0 toread) [2012/08/30 15:27:59.365883, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.365946, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21322 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:59.367684, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:59.367824, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.367945, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.368067, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:59.368192, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:59.368333, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:59.368472, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:59.368591, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.368653, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21322 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:59.370068, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:59.370436, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:59.372268, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.372435, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.372555, 3] smbd/process.c:1662(process_smb) Transaction 255 of length 63 (0 toread) [2012/08/30 15:27:59.372678, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.372739, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=21386 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17779 (0x4573) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 72 (0x48) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 72 (0x48) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.374281, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.374346, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.374465, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.374589, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/cups6.ini [2012/08/30 15:27:59.374707, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=72 unlocked for fnum 17779 file x64/3/cups6.ini [2012/08/30 15:27:59.374838, 10] smbd/fileio.c:109(read_file) read_file 
(x64/3/cups6.ini): pos = 0, size = 72, returned 72 [2012/08/30 15:27:59.374976, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17779 max=72 nread=72 [2012/08/30 15:27:59.379686, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.379872, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:59.379992, 3] smbd/process.c:1662(process_smb) Transaction 256 of length 122 (0 toread) [2012/08/30 15:27:59.380110, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.380171, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21450 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:59.381996, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u [0020] 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C .p.s.p.s .6...d.l [0030] 00 6C 00 00 00 .l... 
[2012/08/30 15:27:59.382367, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.382488, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.382613, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:59.382740, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsps6.dll" [2012/08/30 15:27:59.382880, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/CUPSPS6.DLL] [2012/08/30 15:27:59.383003, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:59.383126, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/cupsps6.dll, dirpath = x64/3, start = cupsps6.dll [2012/08/30 15:27:59.383251, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c0550e0:size 11) X64/3/CUPSPS6.DLL -> x64/3/cupsps6.dll [2012/08/30 15:27:59.383369, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/cupsps6.dll -> x64/3/cupsps6.dll [2012/08/30 15:27:59.383487, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.383667, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] [2012/08/30 15:27:59.383832, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll [2012/08/30 15:27:59.383951, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = cupsps6.dll [2012/08/30 15:27:59.384070, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:59.384188, 3] smbd/vfs.c:905(check_reduced_name) 
check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:59.384312, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:59.384431, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:59.384565, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:59.384684, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = cupsps6.dll, attr = 22 [2012/08/30 15:27:59.384802, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:59.384931, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 [2012/08/30 15:27:59.385054, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.385174, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.385296, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.385430, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:59.385549, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[cupsps6.dll] found x64/3/cupsps6.dll fname=cupsps6.dll (cupsps6.dll) [2012/08/30 15:27:59.385675, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:59.385821, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:59.385951, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:59.386083, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:59.386213, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, 
useable_space = 131010 [2012/08/30 15:27:59.386332, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:59.386451, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.386514, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21450 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:59.387936, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0020] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... [0030] 2E 28 7B CD 01 00 44 00 00 00 00 00 00 00 00 10 .({...D. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p [0070] 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C 00 6C .s.p.s.6 ...d.l.l [0080] 00 . 
[2012/08/30 15:27:59.388827, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=cupsps6.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:59.392970, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.393180, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:59.393303, 3] smbd/process.c:1662(process_smb) Transaction 257 of length 122 (0 toread) [2012/08/30 15:27:59.393423, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.393485, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21514 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:59.395162, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u [0020] 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C .p.s.p.s .6...d.l [0030] 00 6C 00 00 00 .l... 
[2012/08/30 15:27:59.395566, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.395700, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.395826, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:59.395959, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsps6.dll" [2012/08/30 15:27:59.396084, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] [2012/08/30 15:27:59.396211, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.396354, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] [2012/08/30 15:27:59.396473, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll [2012/08/30 15:27:59.396592, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = cupsps6.dll [2012/08/30 15:27:59.396724, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:59.396849, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:59.396974, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:59.397092, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:59.397223, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:59.397341, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = cupsps6.dll, attr = 22 
[2012/08/30 15:27:59.397460, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:59.397608, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c014be0 now at offset -1 [2012/08/30 15:27:59.397748, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.397877, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.397997, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.398131, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:59.398250, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[cupsps6.dll] found x64/3/cupsps6.dll fname=cupsps6.dll (cupsps6.dll) [2012/08/30 15:27:59.398378, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:59.398496, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:59.398618, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:59.398736, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:59.398862, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/08/30 15:27:59.398980, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:59.399098, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.399162, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21514 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:59.401008, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0020] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... [0030] 2E 28 7B CD 01 00 44 00 00 00 00 00 00 00 00 10 .({...D. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p [0070] 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C 00 6C .s.p.s.6 ...d.l.l [0080] 00 . [2012/08/30 15:27:59.403386, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=cupsps6.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:59.403597, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:59.403731, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/08/30 15:27:59.403850, 3] smbd/process.c:1662(process_smb) Transaction 258 of length 126 (0 toread) [2012/08/30 15:27:59.403979, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.404046, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21578 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) 
smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:59.406223, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 .u.p.s.p .s.6...d [0020] 00 6C 00 6C 00 00 00 .l.l... [2012/08/30 15:27:59.406501, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.406623, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.406747, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.406872, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsps6.dll" [2012/08/30 15:27:59.406994, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] [2012/08/30 15:27:59.407118, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.407281, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] [2012/08/30 15:27:59.407399, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll [2012/08/30 15:27:59.407562, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.407707, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, 
create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.407837, 5] smbd/files.c:140(file_new) allocated file structure 13684, fnum = 17780 (8 used) [2012/08/30 15:27:59.407961, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cupsps6.dll hash 0x8e4b266b [2012/08/30 15:27:59.408086, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cupsps6.dll) returning 0744 [2012/08/30 15:27:59.408206, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsps6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.408340, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.408461, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.408581, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.408702, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsps6.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:59.408852, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.408984, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0555c0 [2012/08/30 15:27:59.409104, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23bab:0 [2012/08/30 15:27:59.409225, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.409359, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.409481, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c055800 [2012/08/30 15:27:59.409655, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 
on file x64/3/cupsps6.dll [2012/08/30 15:27:59.409775, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.409905, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cupsps6.dll, flags = 00 mode = 0744, fd = 42. [2012/08/30 15:27:59.410024, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cupsps6.dll read=Yes write=No (numopen=7) [2012/08/30 15:27:59.410152, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153926 [2012/08/30 15:27:59.410274, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cupsps6.dll, 801:23bab:0/1302153926, tv_sec = 503fbebf, tv_usec = 6391c [2012/08/30 15:27:59.410452, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.410590, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.410715, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.410843, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.410961, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.411080, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.411199, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.411333, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.411457, 10] locking/locking.c:663(parse_share_modes) 
parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.411630, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.411757, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cupsps6.dll [2012/08/30 15:27:59.411875, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17780, open name = x64/3/cupsps6.dll [2012/08/30 15:27:59.412674, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.412822, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.412942, 3] smbd/process.c:1662(process_smb) Transaction 259 of length 76 (0 toread) [2012/08/30 15:27:59.413059, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.413121, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21642 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.417648, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 74 45 EE 03 ...tE.. 
[2012/08/30 15:27:59.417790, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.417944, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.418068, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:59.418206, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.418346, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.418466, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 15:27:59.418585, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17780) level=1006 call=7 total_data=0 [2012/08/30 15:27:59.418706, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17780) level=1006 max_data=8 [2012/08/30 15:27:59.418825, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.418946, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.419084, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.419208, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:59.419328, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:59.419446, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, 
datasize = 8 [2012/08/30 15:27:59.419617, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.419679, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21642 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:59.421030, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 AB 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:59.424441, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.424639, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.424764, 3] smbd/process.c:1662(process_smb) Transaction 260 of length 63 (0 toread) [2012/08/30 15:27:59.424894, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.424956, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=21706 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17780 (0x4574) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.426598, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.426664, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.426904, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.427032, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/cupsps6.dll [2012/08/30 15:27:59.427151, 10] locking/locking.c:163(strict_lock_default) 
strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17780 file x64/3/cupsps6.dll [2012/08/30 15:27:59.427287, 10] smbd/fileio.c:109(read_file) read_file (x64/3/cupsps6.dll): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:59.427407, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17780 max=4096 nread=4096 [2012/08/30 15:27:59.430242, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:59.430451, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:59.430572, 3] smbd/process.c:1662(process_smb) Transaction 261 of length 45 (0 toread) [2012/08/30 15:27:59.430725, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.430788, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=21770 smt_wct=3 smb_vwv[ 0]=17780 (0x4574) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:59.431960, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.432036, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.432155, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.432277, 3] smbd/reply.c:4848(reply_close) close fd=42 fnum=17780 (numopen=7) [2012/08/30 15:27:59.432396, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:59.432539, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153926 has kernel oplock state of 1. 
[2012/08/30 15:27:59.432685, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.432817, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0570c0 [2012/08/30 15:27:59.432936, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.433076, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.433200, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 15:27:59.433325, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.433472, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cupsps6.dll = 0 [2012/08/30 15:27:59.433594, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cupsps6.dll [2012/08/30 15:27:59.433792, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cupsps6.dll (numopen=6) NT_STATUS_OK [2012/08/30 15:27:59.433915, 5] smbd/files.c:482(file_free) freed files structure 17780 (7 used) [2012/08/30 15:27:59.434154, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.434216, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=21770 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.434987, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.435873, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:59.436027, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:59.436146, 3] smbd/process.c:1662(process_smb) Transaction 262 of length 126 (0 toread) [2012/08/30 15:27:59.436263, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.436327, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21834 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:59.438704, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 .u.p.s.p .s.6...d [0020] 00 6C 00 6C 00 00 00 .l.l... 
[2012/08/30 15:27:59.439306, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.439427, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.439583, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.439707, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsps6.dll" [2012/08/30 15:27:59.439829, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] [2012/08/30 15:27:59.439953, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.440082, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] [2012/08/30 15:27:59.440199, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll [2012/08/30 15:27:59.440370, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.440493, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.440655, 5] smbd/files.c:140(file_new) allocated file structure 13685, fnum = 17781 (8 used) [2012/08/30 15:27:59.440778, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cupsps6.dll hash 0x8e4b266b [2012/08/30 15:27:59.440891, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cupsps6.dll) returning 0744 [2012/08/30 15:27:59.441091, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsps6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.441212, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.441331, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.441470, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.441653, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsps6.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:59.441814, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.441940, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0555c0 [2012/08/30 15:27:59.442080, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23bab:0 [2012/08/30 15:27:59.442200, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.442332, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.442453, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c055800 [2012/08/30 15:27:59.442571, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsps6.dll [2012/08/30 15:27:59.442689, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.444509, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cupsps6.dll, 
flags = 00 mode = 0744, fd = 42. [2012/08/30 15:27:59.444673, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cupsps6.dll read=Yes write=No (numopen=7) [2012/08/30 15:27:59.444799, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153927 [2012/08/30 15:27:59.444922, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cupsps6.dll, 801:23bab:0/1302153927, tv_sec = 503fbebf, tv_usec = 6b94d [2012/08/30 15:27:59.445047, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.445184, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x554a, type= 0x3, gen_id = 1302153927, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.445307, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.445440, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.445560, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.445680, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.445798, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.445928, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.446053, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.446197, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x554a, type= 0x3, gen_id = 1302153927, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.446324, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cupsps6.dll [2012/08/30 15:27:59.446443, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17781, open name = x64/3/cupsps6.dll [2012/08/30 15:27:59.448248, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:59.448429, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:59.448550, 3] smbd/process.c:1662(process_smb) Transaction 263 of length 45 (0 toread) [2012/08/30 15:27:59.448669, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.448727, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=21898 smt_wct=3 smb_vwv[ 0]=17781 (0x4575) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:59.450820, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.450894, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.451014, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.451134, 3] smbd/reply.c:4848(reply_close) close fd=42 fnum=17781 (numopen=7) [2012/08/30 15:27:59.451253, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:59.451389, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153927 has kernel oplock state of 1. 
[2012/08/30 15:27:59.451580, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.451720, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0570c0 [2012/08/30 15:27:59.451838, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.451975, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x554a, type= 0x3, gen_id = 1302153927, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.452096, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 15:27:59.452218, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.452345, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cupsps6.dll = 0 [2012/08/30 15:27:59.452464, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cupsps6.dll [2012/08/30 15:27:59.452609, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cupsps6.dll (numopen=6) NT_STATUS_OK [2012/08/30 15:27:59.452730, 5] smbd/files.c:482(file_free) freed files structure 17781 (7 used) [2012/08/30 15:27:59.452850, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.452912, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=21898 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.453682, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.454488, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:59.454643, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:59.454766, 3] smbd/process.c:1662(process_smb) Transaction 264 of length 126 (0 toread) [2012/08/30 15:27:59.454891, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.454952, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=21962 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:59.457278, 10] ../lib/util/util.c:415(dump_data) [0000] 68 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 h\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 .u.p.s.p .s.6...d [0020] 00 6C 00 6C 00 00 00 .l.l... 
[2012/08/30 15:27:59.457565, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.457684, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.457831, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.457956, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsps6.dll" [2012/08/30 15:27:59.458121, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] [2012/08/30 15:27:59.458253, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.458384, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] [2012/08/30 15:27:59.458502, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll [2012/08/30 15:27:59.458620, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.458743, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll [2012/08/30 15:27:59.458867, 5] smbd/files.c:140(file_new) allocated file structure 13686, fnum = 17782 (8 used) [2012/08/30 15:27:59.458990, 
10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cupsps6.dll hash 0x8e4b266b [2012/08/30 15:27:59.459110, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cupsps6.dll) returning 0744 [2012/08/30 15:27:59.459229, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsps6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.459354, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.459476, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.459617, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.459739, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsps6.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:59.459867, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.459993, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c0555c0 [2012/08/30 15:27:59.460110, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23bab:0 [2012/08/30 15:27:59.460230, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.460362, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:27:59.460487, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c055800 [2012/08/30 15:27:59.460606, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsps6.dll [2012/08/30 15:27:59.460724, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.460852, 10] smbd/open.c:189(fd_open) fd_open: name 
x64/3/cupsps6.dll, flags = 00 mode = 0744, fd = 42. [2012/08/30 15:27:59.460970, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cupsps6.dll read=Yes write=No (numopen=7) [2012/08/30 15:27:59.461092, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153928 [2012/08/30 15:27:59.461213, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cupsps6.dll, 801:23bab:0/1302153928, tv_sec = 503fbebf, tv_usec = 70072 [2012/08/30 15:27:59.461336, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.461472, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.461761, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:27:59.461887, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.462008, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.462127, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.462246, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.462366, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.462492, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.462628, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, 
access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.462757, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cupsps6.dll [2012/08/30 15:27:59.462879, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17782, open name = x64/3/cupsps6.dll [2012/08/30 15:27:59.464100, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:59.464255, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:59.464409, 3] smbd/process.c:1662(process_smb) Transaction 265 of length 90 (0 toread) [2012/08/30 15:27:59.464537, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.464599, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22026 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17782 (0x4576) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:59.466737, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:59.466867, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.466986, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.467236, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:59.467359, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:59.467480, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 76 45 01 00 ....vE.. [2012/08/30 15:27:59.467614, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x4576] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:59.467735, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:59.467861, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.467939, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22026 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.468711, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.469252, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.469385, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.469503, 3] smbd/process.c:1662(process_smb) Transaction 266 of length 76 (0 toread) [2012/08/30 15:27:59.469636, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.469698, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22090 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 
7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.471326, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 76 45 ED 03 ...vE.. [2012/08/30 15:27:59.471455, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.471624, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.471745, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:59.471884, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.472046, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.472166, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 15:27:59.472285, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1005 call=7 total_data=0 [2012/08/30 15:27:59.472404, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1005 max_data=24 [2012/08/30 15:27:59.472523, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.472641, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.472759, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.472881, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 
15:27:59.473004, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:59.473123, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:59.473240, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.473302, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22090 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:59.474811, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 44 00 ........ ......D. [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2012/08/30 15:27:59.475983, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.476150, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.476270, 3] smbd/process.c:1662(process_smb) Transaction 267 of length 76 (0 toread) [2012/08/30 15:27:59.476388, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.476449, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22154 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.479241, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 76 45 EC 03 ...vE.. 
[2012/08/30 15:27:59.479396, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.479586, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.479721, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:59.479862, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.480002, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.480488, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 15:27:59.480608, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1004 call=7 total_data=0 [2012/08/30 15:27:59.480729, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1004 max_data=40 [2012/08/30 15:27:59.480847, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.480984, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.481103, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.481225, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:59.481343, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:59.481718, 9] 
smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:59.481836, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:59.481958, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.482019, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22154 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:59.483346, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0010] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:59.484371, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.484516, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.484652, 3] smbd/process.c:1662(process_smb) Transaction 268 of length 76 (0 toread) [2012/08/30 15:27:59.484770, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.484832, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22218 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.486637, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 76 45 FE 03 ...vE.. [2012/08/30 15:27:59.486765, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.486884, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.487005, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:59.487345, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.487558, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.487689, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b 
[2012/08/30 15:27:59.487839, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1022 call=7 total_data=0 [2012/08/30 15:27:59.487959, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1022 max_data=4094 [2012/08/30 15:27:59.488109, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.488227, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.488345, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.488484, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:59.488608, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:59.488726, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:59.488873, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.488934, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22218 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:59.490414, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 44 00 ........ ......D. [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:59.491222, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.491366, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.491484, 3] smbd/process.c:1662(process_smb) Transaction 269 of length 76 (0 toread) [2012/08/30 15:27:59.491611, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.491673, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22282 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.493405, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 76 45 EC 03 ...vE.. [2012/08/30 15:27:59.493536, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.493659, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.493781, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:59.493915, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.494061, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:27:59.494182, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 
15:27:59.494301, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1004 call=7 total_data=0 [2012/08/30 15:27:59.494423, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1004 max_data=40 [2012/08/30 15:27:59.494542, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsps6.dll [2012/08/30 15:27:59.494666, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.494785, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.494909, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:59.495029, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:59.495391, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:59.495552, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:59.495695, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.495757, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22282 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:59.497251, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0010] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:59.498790, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:59.498947, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:59.499068, 3] smbd/process.c:1662(process_smb) Transaction 270 of length 74 (0 toread) [2012/08/30 15:27:59.499187, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.499249, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22346 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:59.502201, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:59.502335, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.502455, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.502577, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:59.502712, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:59.502845, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:59.502962, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:59.503080, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.503141, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22346 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:59.504525, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:59.504838, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:59.505908, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.506376, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.506499, 3] smbd/process.c:1662(process_smb) Transaction 271 of length 63 (0 toread) [2012/08/30 15:27:59.506618, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.506700, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22410 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17782 (0x4576) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=17408 (0x4400) smb_vwv[ 6]=17408 (0x4400) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=17408 (0x4400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.508242, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.508469, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.508592, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.508719, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/cupsps6.dll [2012/08/30 15:27:59.508859, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=17408 unlocked for fnum 17782 file x64/3/cupsps6.dll [2012/08/30 15:27:59.511704, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/cupsps6.dll): pos = 0, size = 17408, returned 17408 [2012/08/30 15:27:59.511840, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17782 max=17408 nread=17408 [2012/08/30 15:27:59.515296, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.515481, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:59.515615, 3] smbd/process.c:1662(process_smb) Transaction 272 of length 122 (0 toread) [2012/08/30 15:27:59.515753, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.515815, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22474 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:59.517442, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u [0020] 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C .p.s.u.i .6...d.l [0030] 00 6C 00 00 00 .l... 
[2012/08/30 15:27:59.517800, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.519706, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.519847, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:59.519976, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsui6.dll" [2012/08/30 15:27:59.520103, 10] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [X64/3/CUPSUI6.DLL] [2012/08/30 15:27:59.520244, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] [2012/08/30 15:27:59.520369, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/cupsui6.dll, dirpath = x64/3, start = cupsui6.dll [2012/08/30 15:27:59.520493, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fd50c057150:size 11) X64/3/CUPSUI6.DLL -> x64/3/cupsui6.dll [2012/08/30 15:27:59.520611, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/cupsui6.dll -> x64/3/cupsui6.dll [2012/08/30 15:27:59.520729, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.520859, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] [2012/08/30 15:27:59.520977, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll [2012/08/30 15:27:59.521095, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = cupsui6.dll [2012/08/30 15:27:59.521231, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:59.521519, 3] smbd/vfs.c:905(check_reduced_name) 
check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:59.521644, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:59.521762, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:59.521928, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:59.522046, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = cupsui6.dll, attr = 22 [2012/08/30 15:27:59.522164, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:59.522412, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 [2012/08/30 15:27:59.522542, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.522664, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.522783, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.522935, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:59.523053, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[cupsui6.dll] found x64/3/cupsui6.dll fname=cupsui6.dll (cupsui6.dll) [2012/08/30 15:27:59.523178, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:59.523296, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:59.523427, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:59.523621, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:59.523748, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, 
useable_space = 131010 [2012/08/30 15:27:59.523867, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:59.523985, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.524047, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22474 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:59.525442, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0020] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... [0030] 2E 28 7B CD 01 00 4C 00 00 00 00 00 00 00 00 10 .({...L. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p [0070] 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C 00 6C .s.u.i.6 ...d.l.l [0080] 00 . 
[2012/08/30 15:27:59.533190, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=cupsui6.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:59.533840, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 118 [2012/08/30 15:27:59.533972, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/08/30 15:27:59.534091, 3] smbd/process.c:1662(process_smb) Transaction 273 of length 122 (0 toread) [2012/08/30 15:27:59.534209, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.534270, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22538 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/08/30 15:27:59.536681, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u [0020] 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C .p.s.u.i .6...d.l [0030] 00 6C 00 00 00 .l... 
[2012/08/30 15:27:59.537017, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.537136, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.537260, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/08/30 15:27:59.537387, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsui6.dll" [2012/08/30 15:27:59.537509, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] [2012/08/30 15:27:59.537643, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.537773, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] [2012/08/30 15:27:59.537941, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll [2012/08/30 15:27:59.538060, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = cupsui6.dll [2012/08/30 15:27:59.538235, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/08/30 15:27:59.538354, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/printers] [2012/08/30 15:27:59.538479, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] [2012/08/30 15:27:59.538597, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 [2012/08/30 15:27:59.538726, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/08/30 15:27:59.538844, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = cupsui6.dll, attr = 22 
[2012/08/30 15:27:59.538963, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/08/30 15:27:59.539095, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fd50c014be0 now at offset -1 [2012/08/30 15:27:59.539216, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.539451, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.539618, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.539752, 10] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2012/08/30 15:27:59.539871, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[cupsui6.dll] found x64/3/cupsui6.dll fname=cupsui6.dll (cupsui6.dll) [2012/08/30 15:27:59.539995, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16384 [2012/08/30 15:27:59.540126, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2012/08/30 15:27:59.540254, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/08/30 15:27:59.540373, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/08/30 15:27:59.540500, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/08/30 15:27:59.540620, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/08/30 15:27:59.540738, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.540800, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22538 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 
6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/08/30 15:27:59.542353, 10] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. [0010] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0020] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... [0030] 2E 28 7B CD 01 00 4C 00 00 00 00 00 00 00 00 10 .({...L. ........ [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p [0070] 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C 00 6C .s.u.i.6 ...d.l.l [0080] 00 . [2012/08/30 15:27:59.543177, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=cupsui6.dll directory=x64/3 dirtype=22 numentries=1 [2012/08/30 15:27:59.544787, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:59.544947, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/08/30 15:27:59.545089, 3] smbd/process.c:1662(process_smb) Transaction 274 of length 126 (0 toread) [2012/08/30 15:27:59.545208, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.545271, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22602 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) 
smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:59.547620, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 .u.p.s.u .i.6...d [0020] 00 6C 00 6C 00 00 00 .l.l... [2012/08/30 15:27:59.547888, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.548015, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.548259, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.548384, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsui6.dll" [2012/08/30 15:27:59.548506, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] [2012/08/30 15:27:59.548635, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.548765, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] [2012/08/30 15:27:59.548882, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll [2012/08/30 15:27:59.549001, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.549123, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, 
create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.549251, 5] smbd/files.c:140(file_new) allocated file structure 13687, fnum = 17783 (9 used) [2012/08/30 15:27:59.549373, 10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cupsui6.dll hash 0x3ff5f0d4 [2012/08/30 15:27:59.549493, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cupsui6.dll) returning 0744 [2012/08/30 15:27:59.549621, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsui6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.549777, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.549896, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.550015, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.550134, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsui6.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:59.550259, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.550399, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c057630 [2012/08/30 15:27:59.550523, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23bac:0 [2012/08/30 15:27:59.550643, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.550795, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.550917, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c057870 [2012/08/30 15:27:59.551036, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 
on file x64/3/cupsui6.dll [2012/08/30 15:27:59.551154, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.551281, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cupsui6.dll, flags = 00 mode = 0744, fd = 43. [2012/08/30 15:27:59.551399, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cupsui6.dll read=Yes write=No (numopen=8) [2012/08/30 15:27:59.551595, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153929 [2012/08/30 15:27:59.551717, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cupsui6.dll, 801:23bac:0/1302153929, tv_sec = 503fbebf, tv_usec = 86181 [2012/08/30 15:27:59.551841, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.551979, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.552101, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.552227, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.552345, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.552462, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.552580, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.552717, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.552842, 10] locking/locking.c:663(parse_share_modes) 
parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.552977, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.553105, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cupsui6.dll [2012/08/30 15:27:59.553230, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17783, open name = x64/3/cupsui6.dll [2012/08/30 15:27:59.553917, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.554091, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.554209, 3] smbd/process.c:1662(process_smb) Transaction 275 of length 76 (0 toread) [2012/08/30 15:27:59.554327, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.554388, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22666 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.556061, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 77 45 EE 03 ...wE.. 
[2012/08/30 15:27:59.556193, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.556313, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.556436, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/08/30 15:27:59.556571, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.556709, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.556830, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.556950, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17783) level=1006 call=7 total_data=0 [2012/08/30 15:27:59.557070, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17783) level=1006 max_data=8 [2012/08/30 15:27:59.557192, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.557310, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.557428, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.557716, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION [2012/08/30 15:27:59.557836, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/08/30 15:27:59.557966, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, 
datasize = 8 [2012/08/30 15:27:59.558090, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.558151, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22666 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/08/30 15:27:59.559552, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 AC 3B 02 00 00 00 00 00 ......;. ..... [2012/08/30 15:27:59.561418, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.561930, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.562054, 3] smbd/process.c:1662(process_smb) Transaction 276 of length 63 (0 toread) [2012/08/30 15:27:59.562173, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.562239, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59399 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22730 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17783 (0x4577) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.564315, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.564386, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.564509, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.564635, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/cupsui6.dll [2012/08/30 15:27:59.564754, 10] locking/locking.c:163(strict_lock_default) 
strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17783 file x64/3/cupsui6.dll [2012/08/30 15:27:59.564899, 10] smbd/fileio.c:109(read_file) read_file (x64/3/cupsui6.dll): pos = 0, size = 4096, returned 4096 [2012/08/30 15:27:59.565025, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17783 max=4096 nread=4096 [2012/08/30 15:27:59.571606, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:59.571801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:59.571937, 3] smbd/process.c:1662(process_smb) Transaction 277 of length 45 (0 toread) [2012/08/30 15:27:59.572056, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.572117, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22794 smt_wct=3 smb_vwv[ 0]=17783 (0x4577) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:59.573106, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.573178, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.573298, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.573434, 3] smbd/reply.c:4848(reply_close) close fd=43 fnum=17783 (numopen=8) [2012/08/30 15:27:59.573951, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:59.574090, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153929 has kernel oplock state of 1. 
[2012/08/30 15:27:59.574249, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.574378, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c059130 [2012/08/30 15:27:59.574496, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.574650, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.574772, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.574903, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.575050, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cupsui6.dll = 0 [2012/08/30 15:27:59.575169, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cupsui6.dll [2012/08/30 15:27:59.575295, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cupsui6.dll (numopen=7) NT_STATUS_OK [2012/08/30 15:27:59.575418, 5] smbd/files.c:482(file_free) freed files structure 17783 (8 used) [2012/08/30 15:27:59.575573, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.575646, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22794 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.576456, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.577318, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:59.577488, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:59.577610, 3] smbd/process.c:1662(process_smb) Transaction 278 of length 126 (0 toread) [2012/08/30 15:27:59.577753, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.577815, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22858 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:59.580089, 10] ../lib/util/util.c:415(dump_data) [0000] FF 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 .u.p.s.u .i.6...d [0020] 00 6C 00 6C 00 00 00 .l.l... 
[2012/08/30 15:27:59.580366, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.580485, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.580609, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.580751, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsui6.dll" [2012/08/30 15:27:59.580879, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] [2012/08/30 15:27:59.581003, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.581152, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] [2012/08/30 15:27:59.581269, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll [2012/08/30 15:27:59.581547, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.581683, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.581808, 5] smbd/files.c:140(file_new) allocated file structure 13688, fnum = 17784 (9 used) [2012/08/30 15:27:59.581934, 10] 
smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cupsui6.dll hash 0x3ff5f0d4 [2012/08/30 15:27:59.582057, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cupsui6.dll) returning 0744 [2012/08/30 15:27:59.582176, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsui6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.582318, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.582455, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.582573, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.582709, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsui6.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:59.582834, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.582978, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c057630 [2012/08/30 15:27:59.583106, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23bac:0 [2012/08/30 15:27:59.583248, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.583382, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.583557, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c057870 [2012/08/30 15:27:59.583686, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsui6.dll [2012/08/30 15:27:59.583805, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.583964, 10] smbd/open.c:189(fd_open) fd_open: name x64/3/cupsui6.dll, 
flags = 00 mode = 0744, fd = 43. [2012/08/30 15:27:59.584083, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cupsui6.dll read=Yes write=No (numopen=8) [2012/08/30 15:27:59.584208, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153930 [2012/08/30 15:27:59.584330, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cupsui6.dll, 801:23bac:0/1302153930, tv_sec = 503fbebf, tv_usec = 8e0af [2012/08/30 15:27:59.584453, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.584604, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x594a, type= 0x3, gen_id = 1302153930, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.584727, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.584852, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.584972, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.585090, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.585208, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.585347, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.585543, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.585679, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 
0x20089, mid = 0x594a, type= 0x3, gen_id = 1302153930, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.585823, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cupsui6.dll [2012/08/30 15:27:59.585944, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17784, open name = x64/3/cupsui6.dll [2012/08/30 15:27:59.586828, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:59.586991, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:59.587110, 3] smbd/process.c:1662(process_smb) Transaction 279 of length 45 (0 toread) [2012/08/30 15:27:59.587228, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.587292, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22922 smt_wct=3 smb_vwv[ 0]=17784 (0x4578) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:59.588359, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.588463, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.588601, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.588721, 3] smbd/reply.c:4848(reply_close) close fd=43 fnum=17784 (numopen=8) [2012/08/30 15:27:59.588843, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:59.588995, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153930 has kernel oplock state of 1. 
[2012/08/30 15:27:59.589152, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.589282, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c059130 [2012/08/30 15:27:59.589423, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.589562, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x594a, type= 0x3, gen_id = 1302153930, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.589684, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.589804, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.589945, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cupsui6.dll = 0 [2012/08/30 15:27:59.590071, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cupsui6.dll [2012/08/30 15:27:59.590196, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cupsui6.dll (numopen=7) NT_STATUS_OK [2012/08/30 15:27:59.590321, 5] smbd/files.c:482(file_free) freed files structure 17784 (8 used) [2012/08/30 15:27:59.590442, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.590504, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=22922 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.591308, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.592111, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 122 [2012/08/30 15:27:59.592269, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x7a [2012/08/30 15:27:59.592390, 3] smbd/process.c:1662(process_smb) Transaction 280 of length 126 (0 toread) [2012/08/30 15:27:59.592510, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.592576, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=22986 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 1024 (0x400) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/08/30 15:27:59.594944, 10] ../lib/util/util.c:415(dump_data) [0000] FF 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c [0010] 00 75 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 .u.p.s.u .i.6...d [0020] 00 6C 00 6C 00 00 00 .l.l... 
[2012/08/30 15:27:59.595219, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.595341, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.595465, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.595638, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/cupsui6.dll" [2012/08/30 15:27:59.595761, 10] smbd/statcache.c:283(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] [2012/08/30 15:27:59.595885, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] [2012/08/30 15:27:59.596031, 10] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] [2012/08/30 15:27:59.596149, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll [2012/08/30 15:27:59.596266, 10] smbd/open.c:3607(create_file_default) create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.596391, 10] smbd/open.c:3127(create_file_unixpath) create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll [2012/08/30 15:27:59.596515, 5] smbd/files.c:140(file_new) allocated file structure 13689, fnum = 17785 (9 used) [2012/08/30 15:27:59.596637, 
10] smbd/files.c:705(file_name_hash) file_name_hash: /var/lib/samba/printers/x64/3/cupsui6.dll hash 0x3ff5f0d4 [2012/08/30 15:27:59.596756, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/cupsui6.dll) returning 0744 [2012/08/30 15:27:59.596877, 10] smbd/open.c:1605(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsui6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 [2012/08/30 15:27:59.596998, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.597125, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.597279, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.597399, 10] smbd/open.c:1778(open_file_ntcreate) open_file_ntcreate: fname=x64/3/cupsui6.dll, after mapping access_mask=0x20089 [2012/08/30 15:27:59.597524, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.597654, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c057630 [2012/08/30 15:27:59.597770, 10] locking/brlock.c:1814(brl_get_locks_internal) brl_get_locks_internal: 0 current locks on file_id 801:23bac:0 [2012/08/30 15:27:59.597890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.598024, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:27:59.598145, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c057870 [2012/08/30 15:27:59.598262, 10] smbd/open.c:1163(grant_fsp_oplock_type) grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsui6.dll [2012/08/30 15:27:59.598383, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 [2012/08/30 15:27:59.598510, 10] smbd/open.c:189(fd_open) fd_open: name 
x64/3/cupsui6.dll, flags = 00 mode = 0744, fd = 43. [2012/08/30 15:27:59.598628, 2] smbd/open.c:704(open_file) administrator opened file x64/3/cupsui6.dll read=Yes write=No (numopen=8) [2012/08/30 15:27:59.598754, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153931 [2012/08/30 15:27:59.598875, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/cupsui6.dll, 801:23bac:0/1302153931, tv_sec = 503fbebf, tv_usec = 91a21 [2012/08/30 15:27:59.598998, 10] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 [2012/08/30 15:27:59.599152, 10] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.599274, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:27:59.599399, 10] smbd/open.c:3419(create_file_unixpath) create_file_unixpath: info=1 [2012/08/30 15:27:59.599554, 10] smbd/open.c:3695(create_file_default) create_file: info=1 [2012/08/30 15:27:59.599682, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.599802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.599919, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.600042, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.600193, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, 
access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.600319, 10] smbd/file_access.c:204(can_access_file_data) can_access_file_data: requesting 0x2 on file x64/3/cupsui6.dll [2012/08/30 15:27:59.600437, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 17785, open name = x64/3/cupsui6.dll [2012/08/30 15:27:59.601437, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 86 [2012/08/30 15:27:59.601582, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/08/30 15:27:59.601721, 3] smbd/process.c:1662(process_smb) Transaction 281 of length 90 (0 toread) [2012/08/30 15:27:59.601845, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.601907, 5] lib/util.c:342(show_msg) size=86 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23050 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 512 (0x200) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 512 (0x200) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 452 (0x1C4) smb_vwv[20]= 20 (0x14) smb_vwv[21]=17785 (0x4579) smb_vwv[22]= 1 (0x1) smb_bcc=5 [2012/08/30 15:27:59.604079, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 07 16 ..... 
[2012/08/30 15:27:59.604210, 3] smbd/process.c:1467(switch_message) switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.604329, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.604469, 10] smbd/nttrans.c:3108(reply_nttrans) num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 [2012/08/30 15:27:59.604590, 10] smbd/nttrans.c:3180(reply_nttrans) reply_nttrans: state->setup_count = 8 [2012/08/30 15:27:59.604708, 10] ../lib/util/util.c:415(dump_data) [0000] C4 01 14 00 79 45 01 00 ....yE.. [2012/08/30 15:27:59.604852, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) call_nt_transact_ioctl: function[0x001401C4] FID[0x4579] isFSctl[0x01] compfilter[0x00] [2012/08/30 15:27:59.605126, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED [2012/08/30 15:27:59.605248, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.605314, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa0 smb_rcls=187 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23050 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:59.606114, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.611046, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.611249, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.611369, 3] smbd/process.c:1662(process_smb) Transaction 282 of length 76 (0 toread) [2012/08/30 15:27:59.612331, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.612403, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23114 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 
7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.614028, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 79 45 ED 03 ...yE.. [2012/08/30 15:27:59.614176, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.614295, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.614418, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/30 15:27:59.614576, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.614717, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.614839, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.614975, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1005 call=7 total_data=0 [2012/08/30 15:27:59.615095, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1005 max_data=24 [2012/08/30 15:27:59.615213, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.615349, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.615467, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.615629, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION [2012/08/30 
15:27:59.615749, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:59.615868, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:59.615988, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.616049, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23114 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:59.617393, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 4C 00 ........ ......L. [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2012/08/30 15:27:59.618542, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.618684, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.618806, 3] smbd/process.c:1662(process_smb) Transaction 283 of length 76 (0 toread) [2012/08/30 15:27:59.618925, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.618986, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23178 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.620654, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 79 45 EC 03 ...yE.. 
[2012/08/30 15:27:59.620789, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.620907, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.621030, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:59.621160, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.621304, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.621428, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.621546, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1004 call=7 total_data=0 [2012/08/30 15:27:59.621665, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1004 max_data=40 [2012/08/30 15:27:59.621823, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.621941, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.622059, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.622197, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:59.622315, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:59.622679, 9] 
smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:59.623029, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:59.623156, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.623221, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23178 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:59.624667, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0010] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:59.625833, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.626035, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.626160, 3] smbd/process.c:1662(process_smb) Transaction 284 of length 76 (0 toread) [2012/08/30 15:27:59.626357, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.626448, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23242 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 4094 (0xFFE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.628268, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 79 45 FE 03 ...yE.. [2012/08/30 15:27:59.628423, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.628543, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.628684, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 [2012/08/30 15:27:59.629254, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.629440, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.629722, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 
[2012/08/30 15:27:59.629860, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1022 call=7 total_data=0 [2012/08/30 15:27:59.629985, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1022 max_data=4094 [2012/08/30 15:27:59.630137, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.630256, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.630392, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.630544, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION [2012/08/30 15:27:59.630696, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 [2012/08/30 15:27:59.630817, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 [2012/08/30 15:27:59.630946, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.631013, 5] lib/util.c:342(show_msg) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23242 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 38 (0x26) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 38 (0x26) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=43 [2012/08/30 15:27:59.632555, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 4C 00 ........ ......L. [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. 
[2012/08/30 15:27:59.633504, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:59.634155, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:59.634284, 3] smbd/process.c:1662(process_smb) Transaction 285 of length 76 (0 toread) [2012/08/30 15:27:59.634402, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.634481, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23306 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:59.636590, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 79 45 EC 03 ...yE.. [2012/08/30 15:27:59.636728, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.636864, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.636985, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 [2012/08/30 15:27:59.637136, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:27:59.637285, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:27:59.637406, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 
15:27:59.637538, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1004 call=7 total_data=0 [2012/08/30 15:27:59.637658, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1004 max_data=40 [2012/08/30 15:27:59.637838, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/cupsui6.dll [2012/08/30 15:27:59.637981, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning a [2012/08/30 15:27:59.638099, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning a [2012/08/30 15:27:59.638255, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2012/08/30 15:27:59.638379, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Wed Aug 15 16:54:38 2012 access: Thu Aug 30 15:15:20 2012 write: Wed Aug 15 16:54:38 2012 change: Wed Aug 15 16:54:38 2012 mode: 20 [2012/08/30 15:27:59.638742, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/08/30 15:27:59.638890, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/08/30 15:27:59.639142, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.639206, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23306 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/08/30 15:27:59.640672, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% [0010] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... 
[2012/08/30 15:27:59.642117, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 70 [2012/08/30 15:27:59.642276, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x46 [2012/08/30 15:27:59.642413, 3] smbd/process.c:1662(process_smb) Transaction 286 of length 74 (0 toread) [2012/08/30 15:27:59.642534, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.642596, 5] lib/util.c:342(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23370 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2012/08/30 15:27:59.644297, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 05 01 ..... [2012/08/30 15:27:59.644426, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.644547, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.644693, 3] smbd/trans2.c:3507(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2012/08/30 15:27:59.644833, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2012/08/30 15:27:59.644984, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 [2012/08/30 15:27:59.645103, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2012/08/30 15:27:59.645238, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.645299, 5] lib/util.c:342(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=292 smb_uid=100 smb_mid=23370 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 
(0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2012/08/30 15:27:59.646760, 10] ../lib/util/util.c:415(dump_data) [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. [2012/08/30 15:27:59.647057, 4] smbd/trans2.c:3523(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2012/08/30 15:27:59.647898, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:59.648058, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:59.648177, 3] smbd/process.c:1662(process_smb) Transaction 287 of length 63 (0 toread) [2012/08/30 15:27:59.648312, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:59.648374, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23434 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17785 (0x4579) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=19456 (0x4C00) smb_vwv[ 6]=19456 (0x4C00) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=19456 (0x4C00) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:59.650068, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:59.650140, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:27:59.650338, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:59.650481, 10] locking/locking.c:121(strict_lock_default) is_locked: optimisation - exclusive oplock on file x64/3/cupsui6.dll [2012/08/30 15:27:59.650600, 10] locking/locking.c:163(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=19456 unlocked for fnum 17785 file x64/3/cupsui6.dll [2012/08/30 15:27:59.650760, 10] 
smbd/fileio.c:109(read_file) read_file (x64/3/cupsui6.dll): pos = 0, size = 19456, returned 19456 [2012/08/30 15:27:59.650893, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=17785 max=19456 nread=19456 [2012/08/30 15:28:00.868140, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:28:00.868377, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:28:00.868506, 3] smbd/process.c:1662(process_smb) Transaction 288 of length 132 (0 toread) [2012/08/30 15:28:00.868646, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:00.868709, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=23498 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17758 (0x455E) smb_bcc=61 [2012/08/30 15:28:00.870687, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 32 00 00 ........ .....2.. [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:28:00.871034, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:28:00.871161, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:00.871303, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:28:00.874674, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 
supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:28:00.875104, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:28:00.875231, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/08/30 15:28:00.875361, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:28:00.875482, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:28:00.875626, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:28:00.875745, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:28:00.875863, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455e) [2012/08/30 15:28:00.875982, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 4136 [2012/08/30 15:28:00.879187, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:28:00.879343, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:28:00.879464, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:28:00.879657, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:28:00.879821, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:28:00.880862, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:28:00.881034, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:28:00.881155, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:28:00.881315, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:28:00.881434, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:28:00.881554, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:28:00.881680, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:28:00.894560, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:28:00.894731, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:28:00.894883, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:28:00.895038, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:28:00.895187, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:28:00.895338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:28:00.896630, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:28:00.896874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:28:00.897087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:28:00.897374, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:28:00.897521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:28:00.898087, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:28:00.898186, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:28:00.898437, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/08/30 15:28:00.898588, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:28:00.898755, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:28:00.900231, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:28:00.900360, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:28:00.900764, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:28:00.900886, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:00.900948, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=23498 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:28:00.902489, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:28:00.905692, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:00.905889, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:28:00.906017, 3] smbd/process.c:1662(process_smb) Transaction 289 of length 45 (0 toread) [2012/08/30 15:28:00.906216, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:00.906283, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=23562 smt_wct=3 smb_vwv[ 0]=17758 (0x455E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:00.907270, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:00.907418, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:28:00.907564, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:00.907697, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17758 (numopen=1) 
[2012/08/30 15:28:00.907949, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:00.908100, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \spoolss [2012/08/30 15:28:00.908232, 5] smbd/files.c:482(file_free) freed files structure 17758 (8 used) [2012/08/30 15:28:00.908384, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:00.908447, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=23562 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:00.909242, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.283599, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:09.283862, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:28:09.283988, 3] smbd/process.c:1662(process_smb) Transaction 290 of length 45 (0 toread) [2012/08/30 15:28:09.284110, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.284174, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23626 smt_wct=3 smb_vwv[ 0]=17764 (0x4564) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:09.288608, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.288696, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:09.288827, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:09.289062, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: 
S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:28:09.296952, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:28:09.297565, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:28:09.297691, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/lib/samba/printers [2012/08/30 15:28:09.297818, 3] smbd/reply.c:4848(reply_close) close fd=36 fnum=17764 (numopen=8) [2012/08/30 15:28:09.297936, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:09.298228, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) 
linux_release_kernel_oplock: file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153910 has kernel oplock state of 1. [2012/08/30 15:28:09.298375, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A53B [2012/08/30 15:28:09.298508, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c059190 [2012/08/30 15:28:09.298629, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:09.298771, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 [2012/08/30 15:28:09.298894, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xdec2eda5 [2012/08/30 15:28:09.299019, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A53B [2012/08/30 15:28:09.299152, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript5.dll = 0 [2012/08/30 15:28:09.302748, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript5.dll [2012/08/30 15:28:09.303040, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript5.dll (numopen=7) NT_STATUS_OK [2012/08/30 15:28:09.303292, 5] smbd/files.c:482(file_free) freed files structure 17764 (7 used) [2012/08/30 15:28:09.303533, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.313899, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23626 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:09.315015, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.317434, 10] 
lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:09.317617, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:28:09.317759, 3] smbd/process.c:1662(process_smb) Transaction 291 of length 45 (0 toread) [2012/08/30 15:28:09.317878, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.317940, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23690 smt_wct=3 smb_vwv[ 0]=17767 (0x4567) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:09.319254, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.319328, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:09.319451, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:09.320365, 3] smbd/reply.c:4848(reply_close) close fd=37 fnum=17767 (numopen=7) [2012/08/30 15:28:09.320526, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:09.320707, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153913 has kernel oplock state of 1. 
[2012/08/30 15:28:09.320882, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A63B [2012/08/30 15:28:09.321042, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d230 [2012/08/30 15:28:09.321191, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:09.321358, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 [2012/08/30 15:28:09.321507, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xcfec0173 [2012/08/30 15:28:09.321653, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A63B [2012/08/30 15:28:09.321805, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/HP_4515.ppd = 0 [2012/08/30 15:28:09.322127, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/HP_4515.ppd [2012/08/30 15:28:09.322278, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/HP_4515.ppd (numopen=6) NT_STATUS_OK [2012/08/30 15:28:09.322420, 5] smbd/files.c:482(file_free) freed files structure 17767 (6 used) [2012/08/30 15:28:09.322561, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.322640, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23690 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:09.323556, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.325122, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:09.325297, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x29 [2012/08/30 15:28:09.325483, 3] smbd/process.c:1662(process_smb) Transaction 292 of length 45 (0 toread) [2012/08/30 15:28:09.325619, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.325694, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23754 smt_wct=3 smb_vwv[ 0]=17770 (0x456A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:09.326893, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.327007, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:09.327138, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:09.327269, 3] smbd/reply.c:4848(reply_close) close fd=38 fnum=17770 (numopen=6) [2012/08/30 15:28:09.327398, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:09.327573, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153916 has kernel oplock state of 1. 
[2012/08/30 15:28:09.327720, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A73B [2012/08/30 15:28:09.327865, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c04ae10 [2012/08/30 15:28:09.327983, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:09.328119, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e [2012/08/30 15:28:09.328303, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xe1875e7e [2012/08/30 15:28:09.328431, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A73B [2012/08/30 15:28:09.328622, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/ps5ui.dll = 0 [2012/08/30 15:28:09.328750, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/ps5ui.dll [2012/08/30 15:28:09.328875, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/ps5ui.dll (numopen=5) NT_STATUS_OK [2012/08/30 15:28:09.328996, 5] smbd/files.c:482(file_free) freed files structure 17770 (5 used) [2012/08/30 15:28:09.329117, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.329178, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23754 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:09.330221, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.331304, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:09.331471, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 
0x29 [2012/08/30 15:28:09.331624, 3] smbd/process.c:1662(process_smb) Transaction 293 of length 45 (0 toread) [2012/08/30 15:28:09.332009, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.332095, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23818 smt_wct=3 smb_vwv[ 0]=17773 (0x456D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:09.335295, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.335403, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:09.335584, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:09.335821, 3] smbd/reply.c:4848(reply_close) close fd=39 fnum=17773 (numopen=5) [2012/08/30 15:28:09.335947, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:09.336086, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153919 has kernel oplock state of 1. 
[2012/08/30 15:28:09.336229, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A83B [2012/08/30 15:28:09.336360, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d230 [2012/08/30 15:28:09.336518, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:09.336670, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe [2012/08/30 15:28:09.336794, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x5179febe [2012/08/30 15:28:09.336919, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A83B [2012/08/30 15:28:09.337052, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript.hlp = 0 [2012/08/30 15:28:09.337175, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript.hlp [2012/08/30 15:28:09.337307, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript.hlp (numopen=4) NT_STATUS_OK [2012/08/30 15:28:09.337435, 5] smbd/files.c:482(file_free) freed files structure 17773 (4 used) [2012/08/30 15:28:09.337570, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.337633, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23818 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:09.338620, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.340633, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:09.340866, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x29 [2012/08/30 15:28:09.341003, 3] smbd/process.c:1662(process_smb) Transaction 294 of length 45 (0 toread) [2012/08/30 15:28:09.341284, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.341361, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23882 smt_wct=3 smb_vwv[ 0]=17776 (0x4570) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:09.342397, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:09.342493, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:09.342624, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:09.342756, 3] smbd/reply.c:4848(reply_close) close fd=40 fnum=17776 (numopen=4) [2012/08/30 15:28:09.342886, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:09.343036, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153922 has kernel oplock state of 1. 
[2012/08/30 15:28:09.343184, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000A93B [2012/08/30 15:28:09.343321, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d230 [2012/08/30 15:28:09.343440, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:09.343679, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 [2012/08/30 15:28:09.343874, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x7d40e663 [2012/08/30 15:28:09.344018, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000A93B [2012/08/30 15:28:09.344150, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/pscript.ntf = 0 [2012/08/30 15:28:09.344272, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/pscript.ntf [2012/08/30 15:28:09.344437, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/pscript.ntf (numopen=3) NT_STATUS_OK [2012/08/30 15:28:09.344559, 5] smbd/files.c:482(file_free) freed files structure 17776 (3 used) [2012/08/30 15:28:09.344700, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:09.344763, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23882 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:09.345609, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.265332, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:15.265569, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x29 [2012/08/30 15:28:15.265691, 3] smbd/process.c:1662(process_smb) Transaction 295 of length 45 (0 toread) [2012/08/30 15:28:15.265815, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.265901, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23946 smt_wct=3 smb_vwv[ 0]=17779 (0x4573) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:15.266876, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.266942, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:15.267062, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:15.267183, 3] smbd/reply.c:4848(reply_close) close fd=41 fnum=17779 (numopen=3) [2012/08/30 15:28:15.267301, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:15.267437, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153925 has kernel oplock state of 1. 
[2012/08/30 15:28:15.267628, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AA3B [2012/08/30 15:28:15.267764, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d220 [2012/08/30 15:28:15.267922, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:15.268060, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb [2012/08/30 15:28:15.268185, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3d0916cb [2012/08/30 15:28:15.268311, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AA3B [2012/08/30 15:28:15.268438, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cups6.ini = 0 [2012/08/30 15:28:15.268575, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cups6.ini [2012/08/30 15:28:15.268701, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cups6.ini (numopen=2) NT_STATUS_OK [2012/08/30 15:28:15.268825, 5] smbd/files.c:482(file_free) freed files structure 17779 (2 used) [2012/08/30 15:28:15.269129, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.269203, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=23946 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:15.270506, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.272280, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2012/08/30 15:28:15.272463, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 
0x23 [2012/08/30 15:28:15.272582, 3] smbd/process.c:1662(process_smb) Transaction 296 of length 39 (0 toread) [2012/08/30 15:28:15.272701, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.272762, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=24010 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:15.273793, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.273864, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:28:15.273983, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:15.274101, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:15.274219, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:15.274421, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:15.274562, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/08/30 15:28:15.274719, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:15.274838, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:15.274954, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:15.275130, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:15.275251, 3] smbd/service.c:1378(close_cnum) panama (192.168.30.50) closed connection to service IPC$ [2012/08/30 15:28:15.275375, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2012/08/30 15:28:15.275535, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:28:15.275682, 10] 
lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d150 [2012/08/30 15:28:15.275864, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:28:15.276162, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2012/08/30 15:28:15.276291, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:15.276410, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:15.276532, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:15.276716, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:15.276885, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.276949, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=24010 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:15.277729, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.280728, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:15.280922, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:28:15.281084, 3] smbd/process.c:1662(process_smb) Transaction 297 of length 45 (0 toread) [2012/08/30 15:28:15.281202, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.281263, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=24074 smt_wct=3 smb_vwv[ 0]=17782 (0x4576) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:15.282301, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.282366, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:15.282489, 4] smbd/sec_ctx.c:314(set_sec_ctx) 
setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:15.282608, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:28:15.287780, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:28:15.288210, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) 
[2012/08/30 15:28:15.288335, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/lib/samba/printers [2012/08/30 15:28:15.288461, 3] smbd/reply.c:4848(reply_close) close fd=42 fnum=17782 (numopen=2) [2012/08/30 15:28:15.288578, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:15.288713, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153928 has kernel oplock state of 1. [2012/08/30 15:28:15.289895, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AB3B [2012/08/30 15:28:15.290045, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d290 [2012/08/30 15:28:15.290167, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:15.290305, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b [2012/08/30 15:28:15.290444, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x8e4b266b [2012/08/30 15:28:15.290572, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AB3B [2012/08/30 15:28:15.290701, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cupsps6.dll = 0 [2012/08/30 15:28:15.290822, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cupsps6.dll [2012/08/30 15:28:15.290947, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cupsps6.dll (numopen=1) NT_STATUS_OK [2012/08/30 15:28:15.291068, 5] smbd/files.c:482(file_free) freed files structure 17782 (1 used) 
[2012/08/30 15:28:15.291208, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.291270, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=24074 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:15.292226, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.293950, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:28:15.294133, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:28:15.294945, 3] smbd/process.c:1662(process_smb) Transaction 298 of length 45 (0 toread) [2012/08/30 15:28:15.295075, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.295138, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=24138 smt_wct=3 smb_vwv[ 0]=17785 (0x4579) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:28:15.296239, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:15.296305, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:15.296568, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:28:15.296692, 3] smbd/reply.c:4848(reply_close) close fd=43 fnum=17785 (numopen=1) [2012/08/30 15:28:15.296813, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:28:15.296952, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) linux_release_kernel_oplock: file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153931 has kernel oplock state of 1. 
[2012/08/30 15:28:15.297095, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0108000000000000AC3B [2012/08/30 15:28:15.297226, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d230 [2012/08/30 15:28:15.297351, 10] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 [2012/08/30 15:28:15.297544, 10] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 [2012/08/30 15:28:15.297669, 10] locking/locking.c:1657(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0x3ff5f0d4 [2012/08/30 15:28:15.297792, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0108000000000000AC3B [2012/08/30 15:28:15.297923, 10] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file x64/3/cupsui6.dll = 0 [2012/08/30 15:28:15.298042, 10] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file x64/3/cupsui6.dll [2012/08/30 15:28:15.298206, 2] smbd/close.c:696(close_normal_file) administrator closed file x64/3/cupsui6.dll (numopen=0) NT_STATUS_OK [2012/08/30 15:28:15.298329, 5] smbd/files.c:482(file_free) freed files structure 17785 (0 used) [2012/08/30 15:28:15.298453, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:15.298517, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=24138 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:15.300227, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:27.258547, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2012/08/30 15:28:27.258788, 6] smbd/process.c:1660(process_smb) got message type 0x0 of 
len 0x23 [2012/08/30 15:28:27.259046, 3] smbd/process.c:1662(process_smb) Transaction 299 of length 39 (0 toread) [2012/08/30 15:28:27.259187, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:27.259260, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=24202 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:27.260345, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:27.260424, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 3054) conn 0x7fd50c011730 [2012/08/30 15:28:27.260563, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:27.260702, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:27.260840, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:27.261058, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:27.261213, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:27.261376, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:27.261513, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:27.261723, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:27.261865, 1] smbd/service.c:1378(close_cnum) panama (192.168.30.50) closed connection to service print$ [2012/08/30 15:28:27.262012, 3] smbd/connection.c:35(yield_connection) Yielding connection to print$ [2012/08/30 15:28:27.262201, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:28:27.262353, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00d150 
[2012/08/30 15:28:27.262500, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:28:27.262688, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2012/08/30 15:28:27.262829, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:27.262965, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:27.263101, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:27.263308, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:27.263463, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 784 - private_data=0x7fd50c02ea70 [2012/08/30 15:28:27.263760, 5] lib/util.c:332(show_msg) [2012/08/30 15:28:27.263833, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=24202 smt_wct=0 smb_bcc=0 [2012/08/30 15:28:27.265362, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:28:50.997440, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7fd50c018940 [2012/08/30 15:28:50.997684, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2012/08/30 15:28:50.997819, 2] smbd/process.c:2455(deadtime_fn) Closing idle connection [2012/08/30 15:28:50.998019, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/30 15:28:50.998155, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id pid : 0x00000bee (3054) vnn : 0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) src: struct server_id 
pid : 0x00000bee (3054) vnn : 0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) buf : DATA_BLOB length=0 [2012/08/30 15:28:50.999697, 10] smbd/process.c:867(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2012/08/30 15:28:50.999823, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2012/08/30 15:28:50.999942, 10] lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2012/08/30 15:28:51.000077, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2012/08/30 15:28:51.000203, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id pid : 0x00000bee (3054) vnn : 0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) src: struct server_id pid : 0x00000bee (3054) vnn : 0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) buf : DATA_BLOB length=0 [2012/08/30 15:28:51.001183, 3] smbd/server.c:179(msg_exit_server) got a SHUTDOWN message [2012/08/30 15:28:51.001301, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:28:51.001420, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:28:51.001539, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:28:51.001722, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:28:51.001846, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F333035342F3130 [2012/08/30 15:28:51.001976, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c02c3f0 [2012/08/30 15:28:51.002108, 10] 
lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F333035342F3130 [2012/08/30 15:28:51.002574, 3] smbd/server_exit.c:181(exit_server_common) Server exit (normal exit)